On May 10, 2022, the Connecticut Data Privacy Act (CTDPA), formally an Act Concerning Personal Data Privacy and Online Monitoring, was signed into law by the state governor. The law will come into full effect on July 1, 2023. This makes Connecticut the fifth state to enact a new data privacy law.
Requirements of the CTDPA
The CTDPA was influenced by similar recent data privacy laws such as the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA). It applies to companies that conduct business in Connecticut or sell products to its residents, with limitations based on the number of Connecticut customers and exemptions for organizations in certain industries (government, higher education, non-profits, finance, and healthcare).
The CTDPA grants consumers certain rights, including:
- The right to be informed
- The right to rectification
- The right to be forgotten/erasure
- The right to access
- The right to restrict processing
Beyond these consumer rights, organizations collecting and processing the data of Connecticut residents must also follow certain restrictions. These include minimizing the collection of consumer data, only using it for purposes related to the original intent of its collection, protecting it, and obtaining consent for processing sensitive data.
How MorganFranklin Can Help
The new CTDPA regulation is very similar to other recent data privacy laws, such as the GDPR and CCPA in terms of its consumer rights and business requirements. As a result, organizations can implement the policies, processes, and security controls developed for these regulations with minor modifications.
MorganFranklin experts have extensive experience in developing compliance strategies tailored to an organization’s unique business needs and the requirements of evolving regulatory requirements. Our experts can help organizations to implement sustainable, scalable, and usable compliance programs in advance of the CTDPA going into effect.