Joining a national trend, Connecticut became the fifth state to enact a broad-based privacy law in May.
Many familiar privacy laws are limited in the scope of the information they cover. For example, HIPAA applies only in the context of healthcare providers and insurers. Our new law, Public Act 22-15, will give Connecticut residents broad rights to their personal data and impose many new obligations, especially for consumer-facing, medium-sized and larger businesses.
PA 22-15 covers for-profit businesses that hold the data of at least 100,000 Connecticut residents, or 25,000 when the business derives at least 25% of its revenue from selling consumer data. As a result, the law does not apply to nonprofit organizations and is unlikely to impact most small businesses.
For businesses that are impacted, the obligations will be substantial. PA 22-15 will apply to essentially all information held by a business that is linkable to an identifiable individual. This will include not only traditional contact data (name, address and email), but also information such as purchase history and page visits.
The new law obligates businesses to limit the data collected to what is reasonably needed for the intended purpose, and then to limit use of that data to those purposes.
Prior consent of the Connecticut resident is necessary to collect sensitive data, such as racial or ethnic origin, health information or precise geolocation. Businesses will also need to implement data security practices to protect collected data; however, the statute does not define what those safeguards should be other than that they must be reasonable.
Businesses that are subject to PA 22-15 will be required to provide numerous rights to Connecticut residents. These rights include the ability: 1) to learn what data the business possesses; 2) to receive a portable copy of that data; 3) to correct inaccuracies; and 4) to require deletion of the data.
Responses to these requests must generally be provided within 45 days and without charge. An appeals process must be provided if the right is denied. Where a business uses personal data for targeted advertising or profiling or sells personal data, Connecticut residents will have the option to opt out of those activities.
The processes for exercising all of these rights will need to be disclosed in a thorough privacy notice that is publicly available on your business’ website.
PA 22-15 first takes effect in roughly a year, July 1, 2023.
The Connecticut General Assembly seemingly considered the concerns of business when shaping the law to allow for compliance without being overly punitive.
Violations of the law will constitute an unfair trade practice punishable through fines of up to $25,000 per violation. As the law will be enforced only by the Connecticut Attorney General’s Office, private and class action lawsuits will not be a concern.
Until Dec. 31, 2024, businesses will also be provided a 60-day period to address any deficiencies identified.
While many national firms will be familiar with the obligations imposed by PA 22-15 due to other state privacy laws, regional companies may be required to implement a privacy program for the first time.
Russell F. Anderson is an attorney with law firm Pullman & Comley LLC.