Connecticut

The Connecticut legislature passed Connecticut SB 3 on June 2, 2023.  If enacted by the governor, the bill would amend the Connecticut Data Privacy Act (“CTDPA”) to include a number of provisions related to health and minors’ data. Additional detail on the CTDPA can be found in our previous blog post here.

The health-related provisions would take effect on July 1, 2023.  Most provisions related to minors’ data would take effect on October 1, 2024.  However, requirements that social media platforms “unpublish” or delete certain minors’ accounts would come into effect on July 1, 2024.

As reflected in this bill, state legislatures appear increasingly focused on health privacy.  Connecticut’s bill comes on the heels of Nevada’s SB 370, which the Nevada legislature passed, and which, if enacted would impose requirements on consumer health data.  Both the Nevada and Connecticut bill resemble Washington’s My Health My Data Act, although they appear generally narrower in scope.  For additional detail on Washington’s My Health My Data Act, please review our blog post hereContinue Reading Connecticut Legislature Passes Amendments to the Connecticut Data Privacy Act

Last week, the governor of Connecticut signed into law a new requirement that extends compliance with the state’s existing Do-Not-Call registry to promotional text messages (SMS).  Specifically, the law amends the definition of a “telephonic sales call” to include a “text or media message sent by or on behalf of a telephone solicitor,” thereby prohibiting

This week, the much talked-about amendments to Texas’s breach notice statute took effect.  We previously blogged about these amendments, which are unprecedented in scope.  With the amendments, the Texas statute now requires entities doing business in Texas to notify “any individual” whose “sensitive personal information” is acquired in a breach (unless the information is encrypted).