As 2023 approaches and a new round of data privacy laws are slated to take effect, business leaders are scrambling to determine which laws apply to their companies and how to juggle multi-state compliance. The Connecticut Data Privacy Act (CDPA) is one of those laws, going into effect on July 1, 2023.
To anyone familiar with Virginia’s Consumer Data Protection Act, the criteria for determining whether the CDPA applies should look familiar as they are more or less identical. Here’s a quick rundown on how to figure out if the Connecticut Data Privacy Act applies to your business.
As with the Virginia privacy law, most of the CDPA’s rules apply to “controllers”—i.e., for-profit businesses that “determine the purpose and means of processing personal data.”
Basically, if it’s your website (or store), you are the controller of any data that is processed in connection with that site.
Any controller that has a physical presence in Connecticut, or sells its products or services online to state residents, must comply with the CDPA if at least one of the following applies:
For most businesses, it will be the 100,000-consumer threshold that applies to them. If your business has a website, it is controlling the personal data (e.g., IP addresses, cookies, etc.) of each one of its visitors. If you are getting just 8,400 unique visitors from Connecticut per month, that puts you over the 100,000 mark.
The CTDPA also contains a number of exemptions at the entity level, and for specific types of personal data. These exemptions include:
Navigating the complexities of multiple privacy laws at once can be difficult for any business, but it’s even harder for businesses that don’t have in-house privacy experts or legal departments. TrueVault US simplifies multi-state privacy compliance, allowing businesses of any size to handle it on their own.
Designed by attorneys, TrueVault US is an all-in-one privacy software that helps you get your business fully compliant with laws like the CDPA and California’s CCPA even if you’re starting from scratch. From onboarding vendors to processing privacy requests, TrueVault provides guidance at every step.
Contact our team to learn more and view a demo.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal advice. This content is not a substitute for obtaining legal advice from a licensed attorney. The information on this page may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments.