State Data Privacy Round Up: Connecticut Set to Become Fifth State to Enact Privacy Law

2022 has been a busy year in terms of state data privacy laws. Read this update from attorney member Josh Stevens and register for ACA’s state law education Hot Topic later this month.

05/05/2022 11:00 A.M.

3.5 minute read

Key takeaways:

  • The Connecticut Data Privacy Act is similar to laws in Virginia and Colorado.
  • Privacy bills in 11 other states remain active as some legislative sessions are ending.
  • ACA International will hold a Hot Topic webinar, part of a four-part series, on state-specific trends collectors need to know, May 19.

By Josh Stevens

As predicted, 2022 has been a busy year for the U.S. privacy world. Utah’s Consumer Privacy Act, the fourth state privacy law, was signed into law on March 24, 2022. Connecticut is now likely to be the fifth state to enact its own privacy law. The Connecticut Data Privacy Act (Senate Bill 6) passed both the House and Senate in the final weeks of April, and the bill will become law with the Connecticut governor’s signature or 15 days after the current legislative session ends on May 4.

Taking effect July 1, 2023, the Connecticut Data Privacy Act has familiar provisions to the other enacted state privacy laws, but mostly aligns with the Virginia Consumer Data Protection Act and the Colorado Privacy Act.

Key details of the Connecticut Data Privacy Act include:
  • No private right of action; 60-day right to cure period ending on Dec. 31, 2024.
  • Applies only to controllers that meet data volume threshold (75,000 consumers or more) or data volume and revenue threshold (process data of 25,000 consumers and derive 25% of revenue from selling personal data).
  • Provides GLBA (entity and data-based), HIPAA (data-based), FCRA (data-based), and other relevant exemptions.
  • Consumer rights largely align with other states and include appeal rights.
  • Controller-processor contract requirements mirror other states.
  • Must provide conspicuous notice of right to opt out of targeted advertising and sales.
  • Must provide a clear and conspicuous link on the website to enable a consumer to opt out of the targeted advertising or sale of the consumer’s personal data.
  • Must allow consumers to opt out of the targeted advertising or sale of the consumer’s personal data via a global opt-out mechanism by Jan. 1, 2025.
  • Cannot collect sensitive personal data without first providing clear notice and obtaining the consumer’s consent (sensitive data concerning a known child must be processed in accordance with COPPA).
  • Imposes reasonable data security requirements
  • Requires data protection assessments which must be disclosed to the Connecticut attorney general upon request.
  • Includes antidiscrimination provisions but exempts loyalty/rewards programs.
  • The Connecticut General Assembly must convene a working group to study certain topics concerning data privacy and the working group must issue a report before Jan. 1, 2023.

Privacy bills in 11 other states remain active as some legislative sessions are ending. As previously reported, the California Privacy Protection Agency continues its regulation-making activity with regulations expected by late summer or early fall. The Colorado Attorney General’s Office is soliciting informal comments on 16 topics, including enforcement and controller and processor obligations, with stakeholder sessions and formal notice of proposed rulemaking likely coming later this year.

Businesses working to comply with adopted privacy laws in California, Colorado, Virginia and Utah should keep an eye on these and other privacy developments and consider ways to extend their current compliance efforts to cover emerging laws.

State Law Education

For more updates on state laws and trends to know, this quarterly series from ACA International, “State Specifics for Collectors,” will eliminate confusion and help trainers, compliance officers and collectors in the ARM industry gain a better understanding of the most important state “can and cannots ” to remain compliant on every call, no matter the consumer location. Stefanie Jackman, partner at Troutman Pepper, Abigail Pressler, general counsel at NCB Management Services Inc., and Nicholas Prola, general counsel at Professional Finance Company Inc., will lead this session.

This webinar is from 2 to 3 p.m. CDT, May 19. Visit the registration page here.

Josh Stevens is a partner at Mac Murray and Shuster LLP.

Editor’s note: This article is published with permission from Mac Murray and Shuster LLP Partner Josh Stevens. This article is provided for informational purposes and is not intended nor should it be taken as legal advice. The views and opinions expressed in this article are those of the author in his individual capacity and do not reflect the official policy or position of their partners, entities, or clients they represent.

If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here


Payment Vision



This site uses cookies. By continuing to use our site, you are agreeing to our use of cookies. Review our Privacy Policy for more information. You may change your preferences on how cookies are stored by reviewing the settings on your browser.

The content on this site is presented for educational, general reference, and informational purposes only; is not intended to serve as legal or other advice; is not intended to be a full and exhaustive explanation of the law in any area; and should not replace the advice of your own legal counsel. By continuing to use our site, you are agreeing to the legal disclaimers in our Terms of Use. Review our Terms of Use for more information.

Friendly Reminder

Get continued access to ACA International’s wide array of resources, which can help you become more profitable, compliant and successful.

Renew your membership today to take advantage of tools you won’t find anywhere else:

  • Discounts on seminars, products, services and events
  • Resources to strengthen your compliance department
  • Industry-specific risk management products and services
  • Participation in ACA’s online community, The Hub
    Members-only website content
  • Professional development and training opportunities, and so much more!

If you have completed your renewal, please disregard this reminder.