Less than one year after the Connecticut Data Privacy Act ("CTDPA") came into effect, the state's Attorney General's Office ("OAG") released a report on the status of the new data privacy law. The Report reviews inquiries, complaints, and enforcement activities undertaken under the CTDPA. According to the Report, the OAG has issued over a dozen notices of violation of the CTDPA and several broader information requests to companies. The companies subject to these OAG actions represent a range of business sectors, including retail, grocery, fitness, event services, career services, parenting technologies, car companies, genetics testing, and home improvement.

‍

The OAGs have identified the following enforcement priorities:

• Privacy policies (e.g., inadequate, confusing, or missing disclosures; ineffective rights mechanisms);
• Sensitive data (e.g., health data, biometric data, children's data, and precise geolocation data);
• Teens' data (e.g., regarding collection, targeting advertising, consent); and
• Data brokers.

‍

The Report recommends measures to strengthen the CTDPA, including narrowing the entities exempt from compliance. The OAG also notes that it may pursue enforcement against companies already under investigation by the FTC. If you'd like to learn more about complying with the Connecticut's Data Privacy Act and the new data privacy law, contact us for a free consultation.