Updated: May 12
Consumer privacy laws are becoming an increasingly important aspect of legislation in the United States. Connecticut is one of the latest states to enact a comprehensive set of laws to address it.
On May 10, 2022, it officially became the fifth state to lay out the parameters that corporations need to operate within as they go about their business.
These laws regulate how companies that sell products or services to state residents handle their clients’ information.
Let’s take a closer look at the provisions of these new laws and what they mean for businesses and Connecticut residents.
Connecticut Privacy Law Provisions
This legislation is modeled upon the recently established legislation in Colorado, Utah, California, and Virginia.
It’s officially termed the Connecticut Act Concerning Personal Data Privacy and Online Monitoring and is designed to afford Connecticut residents numerous critical rights concerning their data.
These provisions give people a modicum of control over:
How businesses access their personal information
The ability to request corrections on inaccurate data concerning them
The ability to request access to and copies of their data in the hands of businesses
The right to have their personal data deleted from business records at their request
The right to opt-out of any data collection for the purpose of profiling targeted advertising, or forward sales to other entities
How These Laws Affect Your Business
These are affirmative rather than passive measures, meaning you should be aware of them in advance. Once the legislation is enacted, you will be required to:
Reliably establish a reasonable physical and technical data security regime and maintain it, so that customer data is kept secure.
Give all your Connecticut clients a privacy notice outlining all the various categories of personal data you will be processing, especially if you intend to share their data with third parties.
They should be informed about their rights to access, delete, modify, or opt-out of any targeted advertising or marketing initiatives.
Keep the collection of personal customer data to a minimum and put measures in place to minimize the chances of processing personal client data for purposes that are neither known nor approved by the client.
The only exception should be cases where the client’s approval is obtained beforehand.
It’s important to note that this legislation does not give private consumers the right of recourse in case they feel that their privacy rights have been violated. Instead, it places this capacity in the hands of the Connecticut Attorney General’s office.
They will be responsible for issuing notices of violation to offending businesses, after which the company will be given 60 days to rectify their offensive practices.
Any violations of this legislation will be considered ‘unfair trade practice,’ which will bring the violating entity under legal breach of the CUTPA (Connecticut Unfair Trade Practices Act), which carries potential punitive damages, civil penalties, and injunctive action.
Still, this will only be the practice until 2025, after which the opportunity to cure their violation will not be automatically guaranteed.
The laws outlined in Connecticut’s Personal Data Privacy legislation are designed to bolster the individual privacy rights enshrined in America’s constitution without placing undue restrictions on businesses.
While private citizens need to understand their rights as contained in these laws, business owners should pay special attention to them.
Prudent business owners should understand the most effective ways to develop comprehensive and practical privacy policies in compliance with the consumer data privacy requirements that will soon be coming into effect.
Here, at Adzapier, we provide solutions that fit within and build upon the current landscape with the flexibility to adapt and reform to succeed in this shifting privacy landscape.
Our priority for our clients (publishers, advertisers, brands) is to maintain full transparency when it comes to privacy compliance.