On May 27, the Connecticut governor signed SB 4, an omnibus privacy law, followed a week later by two clean-up bills, HB 2222 and HB 5563 (collectively “SB 4”). SB 4, among other things, amends the Connecticut Data Privacy Act (“CTDPA”), establishes a data broker registry and accessible deletion mechanism, imposes restrictions on surveillance pricing, and creates requirements for direct-to-consumer genetic testing companies.
Continue Reading Connecticut Enacts Omnibus Privacy LawConnecticut
Connecticut Attorney General Releases 2025 CTDPA Enforcement Report
The Connecticut Office of the Attorney General (“OAG”) issued an updated Enforcement Report (“Enforcement Report”) under the Connecticut Data Privacy Act (“CTDPA”). The Enforcement Report discusses the OAG’s enforcement actions in 2025 and suggests some areas of focus from the regulator, summarized below.
Continue Reading Connecticut Attorney General Releases 2025 CTDPA Enforcement ReportConnecticut Legislature Amends Its Privacy Statute
On June 24, 2025, the Connecticut governor signed SB 1295, which amends the state’s comprehensive privacy statute, the Connecticut Data Privacy Act (“CTDPA”). SB 1295 takes effect on July 1, 2026.
Continue Reading Connecticut Legislature Amends Its Privacy StatuteState Attorneys General Issue Guidance On Privacy & Artificial Intelligence
Attorneys General in Oregon and Connecticut issued guidance over the holiday interpreting their authority under their state comprehensive privacy statutes and related authorities. Specifically, the Oregon Attorney General’s guidance focuses on laws relevant for artificial intelligence (“AI”), and the Connecticut Attorney General’s guidance focuses on opt-out preference signals that go into effect on January 1, 2025 in the state.
Continue Reading State Attorneys General Issue Guidance On Privacy & Artificial IntelligenceConnecticut Legislature Passes Amendments to the Connecticut Data Privacy Act
The Connecticut legislature passed Connecticut SB 3 on June 2, 2023. If enacted by the governor, the bill would amend the Connecticut Data Privacy Act (“CTDPA”) to include a number of provisions related to health and minors’ data. Additional detail on the CTDPA can be found in our previous blog post here.
The health-related provisions would take effect on July 1, 2023. Most provisions related to minors’ data would take effect on October 1, 2024. However, requirements that social media platforms “unpublish” or delete certain minors’ accounts would come into effect on July 1, 2024.
As reflected in this bill, state legislatures appear increasingly focused on health privacy. Connecticut’s bill comes on the heels of Nevada’s SB 370, which the Nevada legislature passed, and which, if enacted would impose requirements on consumer health data. Both the Nevada and Connecticut bill resemble Washington’s My Health My Data Act, although they appear generally narrower in scope. For additional detail on Washington’s My Health My Data Act, please review our blog post here.
Continue Reading Connecticut Legislature Passes Amendments to the Connecticut Data Privacy ActNew Connecticut Law Adds Promotional SMS to State “Do Not Call” Registry Rules; Prohibits Promotional SMS to Numbers Not on State Registry Absent “Prior Express Written Consent”
Last week, the governor of Connecticut signed into law a new requirement that extends compliance with the state’s existing Do-Not-Call registry to promotional text messages (SMS). Specifically, the law amends the definition of a “telephonic sales call” to include a “text or media message sent by or on behalf of…
Texas Data Breach Amendment Takes Effect; Connecticut On Deck
This week, the much talked-about amendments to Texas’s breach notice statute took effect. We previously blogged about these amendments, which are unprecedented in scope. With the amendments, the Texas statute now requires entities doing business in Texas to notify “any individual” whose “sensitive personal information” is acquired in a breach…
Continue Reading Texas Data Breach Amendment Takes Effect; Connecticut On Deck