SecurePrivacy Logo

Connecticut Data Privacy Act (CTDPA)

View Law Text
Maximum Fine
$5,000 per violation
Scope
State
Regulator
AG
Status
Active

Need Help with Connecticut Data Privacy Act (CTDPA) Compliance?

Get expert guidance on implementing CTDPA requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Connecticut Data Privacy Act establishes comprehensive privacy rights for Connecticut residents and obligations for businesses processing personal data.

Key Facts

  • Effective July 1, 2023
  • Enforced by Connecticut Attorney General
  • Includes consumer rights and business obligations
  • Requires data protection assessments
  • Provides 60-day cure period until December 31, 2024

Key Principles

Consumer Rights

Rights granted to Connecticut residents under CTDPA.

Requirements

  • Right to access
  • Right to delete
  • Right to data portability
  • Right to correct inaccuracies
  • Right to opt-out of targeted advertising
  • Right to opt-out of sales
  • Right to opt-out of profiling

Examples

  • Access request procedures
  • Deletion mechanisms
  • Data portability formats
  • Correction processes
  • Opt-out mechanisms

Data Minimization

Requirements for limiting data collection and processing.

Requirements

  • Collection limitations
  • Processing restrictions
  • Storage limitations
  • Purpose specification
  • Data quality

Examples

  • Data inventories
  • Processing records
  • Retention schedules
  • Purpose documentation

Transparency

Clear disclosure requirements for controllers.

Requirements

  • Privacy notice requirements
  • Processing disclosures
  • Rights information
  • Sharing practices
  • Contact information

Examples

  • Privacy policies
  • Notice updates
  • Rights notifications
  • Processing records

Compliance Requirements

Data Protection Assessments

Required assessments for high-risk processing activities.

Implementation Steps

  • Identify processing requiring assessment
  • Document risks and benefits
  • Evaluate safeguards
  • Consider alternatives
  • Implement controls

Required Documentation

  • Assessment procedures
  • Risk analyses
  • Control documentation
  • Review records
  • Mitigation plans

Consumer Request Handling

Procedures for handling consumer rights requests.

Implementation Steps

  • Establish request procedures
  • Implement verification methods
  • Set response timelines
  • Train staff
  • Document responses

Required Documentation

  • Request procedures
  • Verification methods
  • Response templates
  • Training materials
  • Request logs

Enforcement & Penalties

Attorney General Enforcement

The Connecticut Attorney General has exclusive authority to enforce the CTDPA.

Penalty Categories

Civil Penalties
Up to $5,000 per violation
For each willful violation
Injunctive Relief
Varies
Court orders to cease violations

Example Cases

Example Case 1
$50,000
2023 - Multiple violations of consumer rights
Example Case 2
$25,000
2023 - Failure to implement required safeguards