The Connecticut Personal Data Privacy Act (Part 3): What Consumers Should Know featured image

The Connecticut Personal Data Privacy Act (Part 3): What Consumers Should Know

by John DiGiacomo

Partner

Internet Law

At the end of 2024, the Connecticut Personal Data Privacy and Online Monitoring Act (“CPDPA”) will become fully effective.

In other articles related to the CPDPA, the Consumer Data Privacy Lawyers at Revision Legal have provided an overview of the Act and looked closer at what obligations the CPDPA imposes on controllers and processors of personal data. In this article, we examine what rights are granted to Connecticut consumers.

To what consumer data does the Connecticut Personal Data Privacy Act​ apply?

As with similar consumer data privacy statutes, the Connecticut Personal Data Privacy Act​ is aimed at providing some protection for the collection, use, sale, and storage of “consumer personal data.” More specifically, the CPDPA is concerned with personal data that can be used or manipulated in such a manner as to personally identify specific and unique individuals. Thus, the CPDPA does not apply de-identified, anonymized, or disaggregated data and other types of data that cannot be used to uniquely identify a person. Further, publicly available information and data that has been voluntarily released to the public by a consumer are also excluded from the definition of “consumer personal data.”

Also, the CPDPA’s emphasis is on “consumer” data. Thus, the CPDPA does not apply to data collected and processed when a person is acting in an employment capacity — such as applying for a job — or in a commercial capacity — such as when he or she is operating a small business.

All that being said, “consumer personal data” generally includes things like social security numbers, names, addresses, financial and credit card account numbers, and more. Certain personal data is considered “sensitive” personal data. This data includes data with respect to:

  • Racial or ethnic origin
  • Religious beliefs
  • Health condition
  • Sexual habits or orientation
  • Citizenship or immigration status
  • Biometric information
  • Precise geolocation data
  • And more

What consumer rights are granted by the Connecticut Personal Data Privacy Act?​

In broad outline, consumers in Connecticut are given notice, consent, opt-out, correction, deletion, portability, and dispute resolution rights under the CPDPA. With respect to notice rights, businesses that collect and process consumer personal data must provide notices to consumers that are “reasonably accessible, clear, and meaningful.” Among other things, the notices must identify what categories of personal data are being collected, with whom the data is shared, the business purposes for which the data is collected/shared, with whom the data is shared, and more. When businesses sell/share the data or use the data for targeted advertising or in connection with automated decision-making that could have significant effects on the consumer (such as an application for a loan), then the notices must provide that information AND obtain the consumer’s consent for collection and processing of the data. Further, under those conditions, businesses must give the consumer a method of “opting out” of having their information sold or used for targeted advertisement.

Further, businesses must allow consumers to obtain a copy or access to their personal data collected and stored, must allow for correction or deletion of that data, and must possess the data in a format that allows it to be transferred (portability). Businesses must also provide contact information for consumers and must have dispute resolution methods and procedures available for circumstances where a consumer wishes to dispute a decision made by a data controller (such as to deny access, refuse to correct, etc.).

Contact The Consumer Privacy Act Attorneys At Revision Legal

For more information, contact the experienced Consumer Privacy Act Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.

Extra, Extra!
Recent Posts

The Minnesota Consumer Data Privacy Law: What Businesses Should Know (Part Two)

The Minnesota Consumer Data Privacy Law: What Businesses Should Know (Part Two)

Internet Law

In May 2024, Minnesota enacted the Minnesota Consumer Data Privacy Act (“MCDPA”). In Part One of this two-part article, the Consumer Data Protection Attorneys at Revision Legal discussed the consumer rights and consumer-facing business obligations imposed by the MCDPA, including additional consumer rights related to automated decisions that utilize profiling data. The MCDPA allows consumers […]

Read more about The Minnesota Consumer Data Privacy Law: What Businesses Should Know (Part Two)

Advantages of Forming Corporate Entities for Operating Your Business

Advantages of Forming Corporate Entities for Operating Your Business

Corporate

Under most circumstances, the experienced Business Lawyers at Revision Legal deem it prudent for clients to operate their businesses through a corporate entity like a standard corporation or a limited liability company. Of course, there are some circumstances where a partnership of some type might be the better option, but it would be a rare […]

Read more about Advantages of Forming Corporate Entities for Operating Your Business

The Minnesota Consumer Data Privacy Law: Summary For Consumers

The Minnesota Consumer Data Privacy Law: Summary For Consumers

Internet Law

In May 2024, Minnesota enacted a consumer data privacy statute called the Minnesota Consumer Data Privacy Act (“MCDPA”). About 20 States have enacted consumer data privacy statutes similar to the MCDPA, and the MCDPA follows the general template of those statutes. However, there are some unique and additional features of the MCDPA that are very […]

Read more about The Minnesota Consumer Data Privacy Law: Summary For Consumers

Put Revision Legal on your side

Let's Discuss Your Case