State privacy overview

Connecticut Data Privacy: A Plain-Language Overview

Informational summary · Connecticut Data Privacy Act (CTDPA)
General information — not legal advice. This overview is provided for general educational purposes only and may not reflect the most recent changes in the law. It is not legal advice and does not create any attorney–client relationship. Verify current requirements with the state's official resources and consult qualified counsel before acting.

Connecticut Data Privacy Act (CTDPA)

Status: Effective July 1, 2023; currently enforceable.

The CTDPA grants Connecticut residents the right to access, delete, and opt out of the sale of their personal data. It imposes specific duties on businesses handling personal data, including transparency, data minimization, and security requirements.

Rights residents generally have

Who it generally applies to

For-profit entities that conduct business in Connecticut or target CT residents and meet one of the following: control or process the personal data of at least 100,000 consumers (excluding transaction data), or derive over 25% of gross revenue from the sale of personal data and control or process the data of at least 25,000 consumers.

What this means for B2B outreach

The law applies to personal data of residents acting in an individual capacity. It generally does not apply to data collected or processed in a person's role as an employee, B2B contact information, or commercial email transactions.

Authoritative source: Connecticut Office of the Attorney General. Always confirm current requirements there.

Marketing that respects privacy by design

We run permission-based, compliance-minded campaigns with real opt-out handling.

Talk to us

← All state privacy overviews