Connecticut Overhauls Its Privacy Law: What Businesses Need to Know | Mintz – Privacy & Cybersecurity Viewpoints

Staff Editor 2026-06-08
Connecticut Overhauls Its Privacy Law: What Businesses Need to Know | Mintz – Privacy & Cybersecurity Viewpoints

Connecticut Overhauls Its Privacy Law: What Businesses Need to Know | Mintz – Privacy & Cybersecurity Viewpoints

https://www.jdsupra.com/legalnews/connecticut-overhauls-its-privacy-law-4270090/

Publish Date: 2026-06-08 10:55:00

Source Domain: www.jdsupra.com

Connecticut has significantly expanded its privacy law.

Connecticut Governor Ned Lamont has signed Senate Bill 4 into law, making major changes to the Connecticut Data Privacy Act (CTDPA). Together, these updates represent some of the most significant changes to the CTDPA since it took effect.

The amendments introduce new rules for data brokers, prohibit the sale of precise geolocation data, restrict certain forms of personalized pricing, and create new protections for genetic information.

New Rules for Data Brokers

Key dates: Registration begins January 1, 2027.

Businesses that sell or license personal data to third parties may soon face a new compliance regime in Connecticut.

Under the amendments, a “data broker” is generally a business that sells or licenses personal data that has been organized or categorized for third-party use.

Key requirements include:

  • Annual registration. Beginning January 1, 2027, data brokers must register with the Connecticut Department of Consumer Protection (DCP) and pay an annual fee.
  • Public listing. Registration information will be published by the DCP.
  • Universal deletion requests. By July 2028, Connecticut must launch a single deletion portal that allows consumers to submit one request to all registered data brokers at once.
  • Deletion obligations. Starting in October 2028, data brokers will be required to regularly check the portal, honor deletion requests, and pass those requests on to service providers and downstream recipients where applicable.
  • Independent audits. Beginning in 2031, registered data brokers must undergo third-party compliance audits every three years.

Certain organizations already regulated under laws such as HIPAA, GLBA, FCRA, and DPPA are exempt from these requirements.

The penalties can be substantial: violations may result in fines of up to $200 per day, per consumer.

Privacy Law Changes Take Effect October 1, 2026

Several updates will affect businesses already subject to the CTDPA. …

Source

More Stories

GDPR Personal Data Definition Under Fire: EU Privacy Watchdogs Debate Digital Omnibus Risks

GDPR Personal Data Definition Under Fire: EU Privacy Watchdogs Debate Digital Omnibus Risks

Staff Editor 2026-06-08
Just today gets you this UGREEN webcam with dual noise-canceling mics and built-in privacy shutter

Just $18 today gets you this UGREEN webcam with dual noise-canceling mics and built-in privacy shutter

Staff Editor 2026-06-08
Massachusetts passes data privacy law banning sale of precise location data | Ukraine news

Massachusetts passes data privacy law banning sale of precise location data | Ukraine news

Staff Editor 2026-06-08

Terms and Conditions - Privacy Policy