Right to Know
Right to Access Personal Information
Right to Request Deletion of Personal Information
Right to Correct Inaccuracies
Right to Opt Out of Sale of Personal Information
Right to Non-Discrimination
Below are a few tips to get going:
Establish and update your privacy policy
Review legal basis for processing personal data
Document all data that is collected/processed
Map personal information to each internal database
Appoint a person/team/Data Protection Officer who can own data privacy best practices and respond to incoming Data Subject Access Request (DSARs)
Meet proper deadlines
Audit/create reports showing your data landscape, purpose, and DSARs completed to date.
Understand all exemptions under CTDPA
Decipher between data definitions as they differ between state laws
The Connecticut Data Privacy Act (CTDPA) was enacted on May 21, 2018 and became effective on October 1, 2018. This legislation was enacted in response to growing concerns about the collection, use, and disclosure of personal information by businesses and aimed to provide residents of Connecticut with greater control over their personal information.
The CTDPA established new rights for residents of Connecticut with respect to their personal information and imposed new obligations on businesses in terms of how they collect, use, and disclose personal information. The CTDPA also provided for enforcement by the Connecticut Attorney General and established civil penalties and damages for violations of the act.
CYTRIO is helping organizations meet the burden of the Connecticut Data Privacy Act (CTDPA) with an easy-to-use All-in-One Data Privacy Compliance Platform. With CYTRIO, organizations can eliminate 80%+ of manual tasks, resulting in significant time and cost-saving, improved SLAs and minimization risk of regulatory fines, all the while building consumer trust.
With CYTRIO, organizations can operationalize and automate consent and privacy rights management, to meet a complex set of CTDPA compliance requirements through the All-in-One Data Privacy Compliance Platform featuring Cookie Consent Manager, Cookie Banner Generator, Cookie Scanner, DSAR Manager, DSAR Response Automation, Data Discovery, Data Mapping and Records of Processing Activity (ROPA) and Data Protection Impact Assessments (DPIA).
The Connecticut Attorney General
Any individual who has a permanent address in Connecticut
Customers of household goods and services, employees, and those who make business-to-business transactions
Consumers may only make information requests twice a year and only for a 12-month look-back
Yes, if you have customer/client who resides Connecticut you must comply
An individual whose data is collected and processed
An organization that collects data from one or more sources, provides some value-added processing, and repackages the result in a usable form
The process of matching fields from one database to another
A person who determines the purposes and means of the processing of personal data
A third-party who processes personal data on behalf of the controller
A business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship