Privacy Laws Connecticut

Connecticut Data Privacy Act

CTDPA

Closely modeled after CPA. Requires recognition of universal opt-out signals and provides strong consumer rights.

Effective Date

2023-07-01

Enforcement

Attorney General

Consumer Threshold

100,000 consumers

Revenue Threshold

No threshold

Key Requirements

Clear and accessible privacy notice

Right to access, correct, delete personal data

Right to data portability

Right to opt-out of sale, targeted advertising, profiling

Honor universal opt-out mechanisms

Data protection assessments

Consent for sensitive data

Data minimization

Processor contracts required

Up to $5,000 per violation under CUTPA.

60-day cure period (expires December 2024)

Must honor universal opt-out signals. Consent required before processing sensitive data.