US data privacy laws are becoming increasingly complex. We’ll help you streamline compliance with Connecticut’s data privacy law, along with other relevant regulations, all from one platform.
Connecticut Data Privacy Act Compliance
Operationalize CTDPA compliance
Protect and govern Connecticut consumer data and keep up with changes to state and US privacy laws with the OneTrust Privacy and Data Governance Cloud.
Deploy a single platform for privacy automation and personal data governance
Implement consumer rights fulfillment to ensure Connecticut residents see the appropriate opt-out preference signals. Capture, track, and sync consumer consent across systems to avoid the unauthorized sale of personal data, correct inaccuracies, and manage the collection and exchange of personal data.
Adhere to notification requirements and easily update, centralize, and distribute policies, notices, and disclosures across web and mobile properties from a single platform. Update privacy notices to include data subject rights under CTDPA and direct consumers to a data subject rights intake form.
Empower stakeholders to efficiently conduct business and document risk for targeted advertising, profiling, sales of data or in situations where activities present a heightened risk to consumers. Embed templates into existing business systems to auto-collect information for audits.
FAQs
Like other state privacy laws, Connecticut’s privacy act covered entities include:
- Conduct business in the state or sell products or services to residents of the state and control or process the data of 100,000 customers (excludes personal data controlled/processed solely to complete a transaction)
- Or control or process the data of 25,000 or more customers and derive over 25% of their gross revenue from the sale of personal data
In other words, like Utah, Colorado and California laws, even if your business isn’t located in Connecticut, you still may need to comply with the regulation.
CTDPA consumer requests include right to access, correction, deletion, data portability, and opt-out for targeted advertising, the sale of personal data, and automated decision-making profiling.