On May 10, 2022, Connecticut Governor Ned Lamont signed SB 6 “An Act Concerning Personal Data Privacy and Online Monitoring” (known as the CT Privacy Act (CTPA)) into law, effective July 1, 2023.
Like laws enacted in California, Colorado, Virginia and Utah, the CTPA will add new business obligations and consumer rights in 2023 that go far beyond what has been required by the California Consumer Privacy Act (CCPA), which started the US trend toward a more European approach to data privacy. The laws differ materially not only from the CCPA forerunner, but also from UK and Europe’s General Data Protection Regulation (GDPR). In a new report, Preparing for 2023 – State Privacy Law Compliance, we provide a comprehensive comparison of these laws and our recommendations for how to prepare for them. Notably, in California personal information collected in the context of human resources activities and business-to-business communications will go into full scope under the CCPA at the end of this year, creating a new class of regulated businesses that previously were able to avoid much of the CCPA. Our comparison includes a description of what data is covered or excepted from these various laws and the consumer choices (opt-in or opt-out of various types of processing, and rights of access, correction, deletion and/or transportable copies) that apply to different data types and data processing activities. Model workstreams for becoming 2023-ready are also provided to help shape your compliance program assessment and remediation efforts. For more information, contact the authors noted in the alert.