The Connecticut House of Representatives and Connecticut Senate has passed the Connecticut Data Privacy Act (CTDPA). The Act now heads to the Governor for their signature. Once signed, the CTDPA will take effect on July 1, 2023. This would make Connecticut the fifth state to pass a consumer privacy law.
The Act will apply to:
- Any businesses that conduct business in Connecticut or produce products or services targeted to Connecticut residents, and
- Controlled or processed the personal data of 75,000 or more consumers annually or derive over 25% of its gross revenue from the “sale” of personal data and control or process the personal data of at least 25,000 residents annually.
It will not apply to:
- Any body, authority, board, bureau, commission, district, agency, or political subdivision of the state
- Non-profit organizations
- Institutions of higher education
- National securities associations registered under the Securities Exchange Act of 1934
- Financial institutions or data subject to the GLBA
- Hospitals, whether non-profit or for-profit.
The Act most closely resembles the Colorado Privacy Act while incorporating aspects of Virginia’s CDPA.
Find out more about the US Privacy Laws we have already seen.
