LAW REQUIREMENTS

WHO IS AFFECTED:

-Businesses based in Connecticut and/or businesses that serve or produce products for Connecticut residents.

-Businesses that process the data of at least 100,000 consumers annually (minus transactions that are limited to just a payment of some sort) or make at least 25% of their revenue from the sale of personal information and process data for at least 25,000 consumers annually.

• Limit the collection of data to what is “adequate, relevant and reasonably necessary in relation to the purpose” for which data is processed (as disclosed to customers)
• Establish, implement, and maintain reasonable data security controls, among other requirements
• Provide for consent and consent-revocation when processing “sensitive personal data” (including information about race or ethnicity, religion, health conditions, sex life or orientation, citizenship or immigration status, genetic or biometric data, children’s data, and precise geolocation data).
• The law additionally restricts the ability to target advertising for children between the ages of 13 – 16.

• Connecticut consumers have the right to access, correct, delete, and port their data. In addition, businesses must provide consumers an opt-out for targeted advertising, the sale of their data, and automated decision-making profiling. Owners are required to respond to consumer requests no later than 45 days after receipt of the request.

• The CTDPA requires business owners to post a “reasonably accessible, clear, and meaningful” privacy notice. Privacy notices must include the type of data being processed and which are shared with third parties and how consumers can exercise their rights. There must also be an email address or other mechanism visible so consumers can contact the business.

• Businesses are required to have data protection assessments completed and documented. Proof of these assessments may be specially requested by the state Attorney General at their discretion.

LAW REQUIREMENTS

WHO IS AFFECTED:

-Businesses based in Connecticut and/or businesses that serve or produce products for Connecticut residents.

-Businesses that process the data of at least 100,000 consumers annually (minus transactions that are limited to just a payment of some sort) or make at least 25% of their revenue from the sale of personal information and process data for at least 25,000 consumers annually.

• Limit the collection of data to what is “adequate, relevant and reasonably necessary in relation to the purpose” for which data is processed (as disclosed to customers)
• Establish, implement, and maintain reasonable data security controls, among other requirements
• Provide for consent and consent-revocation when processing “sensitive personal data” (including information about race or ethnicity, religion, health conditions, sex life or orientation, citizenship or immigration status, genetic or biometric data, children’s data, and precise geolocation data).
• The law additionally restricts the ability to target advertising for children between the ages of 13 – 16.

• Connecticut consumers have the right to access, correct, delete, and port their data. In addition, businesses must provide consumers an opt-out for targeted advertising, the sale of their data, and automated decision-making profiling. Owners are required to respond to consumer requests no later than 45 days after receipt of the request.

• The CTDPA requires business owners to post a “reasonably accessible, clear, and meaningful” privacy notice. Privacy notices must include the type of data being processed and which are shared with third parties and how consumers can exercise their rights. There must also be an email address or other mechanism visible so consumers can contact the business.

• Businesses are required to have data protection assessments completed and documented. Proof of these assessments may be specially requested by the state Attorney General at their discretion.

SOUND LIKE A LOT?— IT IS.

SOUND LIKE A LOT? IT IS.

HOW IMPACT BUSINESS TECHNOLOGY CAN HELP YOU

 Businesses and organizations should take heed of this notice as authorities are not just looking into big corporations. Take proactive action and ensure your business is compliant with these standards before they are enforced. Impact Business Technology can help you classify consumer data, assess your business’s data security, and provide the needed documentation of your standing.

Let us tackle this for you. Use the form below to get started.