January 9, 2025
Connecticut AG to Businesses: Time to Implement Opt-Out Signals
The Connecticut Attorney General wants businesses to know that, starting January 1, 2025, they are required to respect opt-out signals.
With a recent announcement from Attorney General William Tong, Connecticut became the first U.S. state besides California to impose a fine for violations of the state’s comprehensive data privacy law. The target of the enforcement action was TicketNetwork, an online ticket reseller. The case was settled for $85,000.
Here’s what we learned from the state’s announcement.
Unfortunately, the statement from the attorney general’s office does not offer much detail as to what TicketNetwork is alleged to have done wrong. It does tell us that the company privacy policy was:
While we’d love to know in more depth what all of this means (for instance, how bad does a privacy policy have to be in order to be “unreadable”?), but the takeaway seems to be that TicketNetwork’s problems were far-ranging and the site was non-compliant in a general way. As AG Tong said, “This law has now been in effect for two years. There is no excuse for continued non-compliance.”
The attorney general’s office first contacted TicketNetwork in November 2023, giving the company 60 days to cure any alleged violations. The cure period expired in January 2024, meaning the case took approximately 18 months to resolve.
This squares with a statement from the California Privacy Protection Agency’s deputy director for enforcement, indicating that the average time needed to resolve a consumer protection case is 18 months. It also explains why, after an initial lull, we are starting to see a dramatic uptick in enforcement.
Businesses should also keep in mind that, while TicketNetwork had a mandatory 60-day cure period to fix any violations, the CTDPA’s cure-period provision expired on January 1, 2025. The state can now proceed directly to enforcement with no warning.
There are already over a dozen different state privacy laws in effect in the United States, with more on the way. Without a dedicated privacy professional on staff, keeping up with all of these laws and their amendments is unmanageable for many businesses. However, as enforcement increases, it is more important than ever to stay current with the legal landscape.
TrueVault helps businesses of all sizes manage all sides of privacy compliance. Through a combination of guided workflows, vendor integrations, and close product support, you can get your business privacy-compliant in a matter of days, not months. Best of all, TrueVault US customers get new states added to their privacy center when they go into effect, at no extra cost!
Contact our team today to learn how TrueVault can help your business get compliant.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
Get monthly updates on the latest updates on policy & the shifting privacy landscape.
Dive into a world of knowledge, trends, and industry updates on the TrueVault blog.
