This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| less than a minute read

Connecticut Likely to Enact Nation's Fifth State Privacy Law

Connecticut's legislature in late April passed a new comprehensive privacy bill similar to the California Consumer Privacy Act and other state acts that will take effect next year in Colorado, Virginia, and other states. Like those bills and the EU privacy rules before them, the bill requires clear disclosures of how consumer data are used, and establishes certain individual rights vis a vis data collected.  

Among the specific requirements of the Connecticut law is an opt-in consent model for the sale of data or use of it for targeted advertising, and a requirement that websites honor global privacy settings, which many websites do not currently honor.  

Why It Matters

The spread of US privacy laws means that it is virtually impossible not to be subject to privacy compliance rules. Large companies are directly regulated in most instances, and they are generally required to pass on compliance duties to their suppliers via contract. This means that even small businesses not regulated directly will have compliance duties if they contract with larger customers.  

It will become effective July 1, 2023, and covers businesses holding data on more than 100,000 consumers or those deriving 25% of annual revenue from the sale of data belonging to more than 25,000 consumers. Also included are provisions for recognition of global opt-out signals; required opt-out consent for data sales, targeted advertising and profiling; strong protections for children's and biometric data; and a sunsetting right to cure.


small business, cyber security, insights, hill_mitzi, data security and privacy