New Connecticut Data Privacy Act (CTDPA), eff 7/1/23

Hello!We wanted to give you an overview of the new CTDPA (Connecticut Data Privacy Act) eff 7/1/23.Overview:The CTDPA applies to persons conducting business in Connecticut or producing products or services targeted to Connecticut residents, and who during the preceding calendar year either:

• Controlled or processed the personal data of 100,000 or more consumers annually, except for personal data controlled or processed solely for the purpose of completing a payment transaction.

• Derived over 25 percent of their gross revenue from the sale of personal data and controlled or processed the personal data of 25,000 or more consumers.

Health and life sciences data exemptions: In addition to the exemption for HIPAA covered entities and business associates, the CTDPA includes some specific data-based exemptions particularly relevant to the health and life sciences sector. The action items for your business that we will prepare for you:1.Update your privacy notice 2.Update your privacy policy on your website 3.Controllers need to conduct a data protection assessment (DPA) for processing activities that present a “heightened risk of harm to a consumer.”We will need to include the following verbiage: 

• Access

• Correction

• Deletion

• Data Portability

• Opt-out of certain data processing

More to come…