Skip to content

Connecticut Data Privacy Act (CTDPA)

Osman Husain Apr 9, 2023 3:18:00 PM

The Connecticut Data Privacy Act (CTDPA) is a law that regulates the collection and use of personal information by private companies doing business in the state. The law applies to any company that collects information from residents of Connecticut, regardless of where the company is based. The CTDPA requires companies to disclose what personal information they collect from customers and how they use it, and gives individuals the right to access their own data.

The CTDPA also includes provisions for breach notification, which requires companies to notify affected individuals within 45 days of becoming aware of a breach. If a breach involves sensitive personal information, such as social security numbers or driver's license numbers, then companies must notify affected individuals within 72 hours.

In addition to these core requirements, there are other provisions that apply only to certain types of businesses, like:

  • Credit reporting agencies must maintain reasonable security procedures and practices;
  • Financial institutions must conduct due diligence on third parties with whom they share or disclose customer data; or
  • Insurance companies must maintain reasonable security procedures and practices.

Osman Husain

Osman is the content lead at Enzuzo. He has a background in data privacy management via a two-year role at ExpressVPN and extensive freelance work with cybersecurity and blockchain companies. Osman also holds an MBA from the Toronto Metropolitan University.

Leave a Comment