Connecticut’s Privacy Report Highlights Rising Expectations for Businesses | Kelley Drye & Warren LLP
https://www.jdsupra.com/legalnews/connecticut-s-privacy-report-highlights-5947680/
Publish Date: 2026-03-02 17:01:00
Source Domain: www.jdsupra.com
Earlier this month, Connecticut Attorney General William Tong released the 2025 Connecticut Data Privacy Act (CTDPA) Enforcement Report, offering the most comprehensive view yet of the state’s privacy enforcement priorities and emerging risk areas for businesses. The Report analyzes consumer complaint trends, highlights core enforcement themes, and underscores how Connecticut’s privacy regime is shifting from foundational implementation to more targeted enforcement. The report also includes a number of legislative recommendations that may signal future changes to the CTDPA, in addition to those scheduled to go into effect on July 1, 2026. We summarize the Report below.
1. Privacy-Related Consumer Complaints
The Report begins by identifying several common categories of consumer complaints from 2025, including:
- Unfulfilled Consumer Data Rights Requests. The Report notes that Connecticut continues to receive complaints about businesses failing to timely honor consumers’ access, deletion, and opt-out requests. Connecticut emphasizes that simply providing a submission channel is not enough. Companies must implement operational processes for identity verification, request tracking, and fulfillment that comply with statutory deadlines.
- Data Breaches. The Report indicates that Connecticut received a number of complaints relating to data security incidents and breach notifications, with a particular focus on whether notices were easy to understand and contained all statutorily required information. Connecticut also examined companies’ internal incident response documentation and decision-making processes, signaling that the state expects organizations to maintain clear records demonstrating how and when breach determinations and notification obligations were assessed.
- People Search Websites & “Publicly Available” Data. The Report states that nearly one-third of the complaints received this year involved entities or data potentially exempt under the…
