Connecticut has joined the fray of states passing comprehensive privacy laws (goes into effect July 1, 2023), and having the law closely track the EU's General Data Protection Regulation (GDPR). Indeed, the Connecticut Data Privacy Act (CTDPA for short) has all the normal GDPR bells and whistles, and if you have a solid program in place for the GDPR, you are well on your way to compliance. If not, your company should start mapping/inventorying the personal data it has today for the CTDPA (as well as the California, Virginia, Colorado, and Utah laws going into effect soon) to determine what applies and what doesn't.
The CTDPA provides Connecticut consumers with certain rights (access, correction, deletion, portability, and the right to opt-out of targeted advertising and sale of personal data) and imposes obligations on companies (data controllers and processors alike), such as the use of reasonable security practices, data assessments, and contracting requirements between controllers and processors.
Where to start?
1. Determine if the CTDPA (and any of the other state laws apply to your company). This can be done by mapping/inventorying the personal data your company has in its possession. Hint, as with most privacy laws, it can apply to companies that have no physical presence in Connecticut.
2. Reach out to vendors and service providers now/look at the contracts that are up for renewal. The contracting process can take much longer than you'd think, especially if the other party isn't as invested, or thinks the law doesn't apply to them. It can go smoother if renewal of an agreement hinges on their signing the additional data protection addendum.
3. Contact counsel about other compliance obligations. Most of these are internal to your organization, and you can better control the speed at which they are accomplished.
4. Start hoping that Congress will soon step in and create federal privacy legislation. While all these state laws have similar elements, they differ slightly, and it would make compliance less of a mine field, and more of a yellow brick road for companies worldwide.
/Passle/62189924f636e915f48daeda/SearchServiceImages/2025-06-11-22-37-37-318-684a0531067635cd547c85d1.jpg)
/Passle/62189924f636e915f48daeda/SearchServiceImages/2025-06-09-14-27-36-591-6846ef58ab796b483adbe052.jpg)
/Passle/62189924f636e915f48daeda/SearchServiceImages/2025-05-30-08-16-17-526-68396951910f51d765780a9a.jpg)
/Passle/62189924f636e915f48daeda/MediaLibrary/Images/2025-05-25-01-29-07-564-68327263b83dc916230e9f79.png)