View all Articles

Connecticut Adopts Data Privacy and Online Monitoring Act

On May 10, 2022, Connecticut signed into law the Data Privacy and Online Monitoring Act (Act) to regulate the collection, storage and usage of personal information and create new consumer privacy rights. The Act becomes effective July 1, 2023.

The Act:

  • Establishes a framework for controlling and processing personal data;
  • Defines responsibilities and privacy protection standards for data controllers and processors; and
  • Grants consumers the right to access, correct, delete and obtain a copy of personal data and opt out of the processing of personal data in certain circumstances.

Covered Entities

The Act applies to persons or entities that conduct business in Connecticut, or produce products or services that are targeted to Connecticut residents, if they did either of the following during the prior calendar year:

  • Controlled or processed the personal data of at least 100,000 consumers, excluding personal data controlled or processed solely for the purpose of completing a payment transaction; or
  • Controlled or processed the personal data of at least 25,000 consumers and derived more than 25% of their gross revenue from the sale of personal data.

Exempt Entities

Certain entities are exempt from the law, including state and local government entities, non-profits, higher education institutions, financial institutions subject to the Gramm-Leach-Bliley Act, and qualifying covered entities and business associates subject to the Health Insurance Portability and Accountability Act (“HIPAA”).

Next Steps for Employers

Covered entities must consider adjusting their practice to:

  • Keep the collection of personal data to the minimum amount necessary for the purpose of the collection;
  • Use personal data to only the purpose of the collection or as the consumer has authorized;
  • Establish and implement data security practices to protect the data; and
  • Obtain consent before processing sensitive data, including data of any individual under the age of 13, and follow the provisions of the Children’s Online Privacy Protection Act under federal law.

Entities subject to the Act should become familiar with their new obligations and prepare to comply by the effective date.

HR Works, headquartered in Upstate New York, is a human resource management outsourcing and consulting firm serving clients throughout the United States for over thirty years. HR Works provides scalable strategic human resource management and consulting services, including: affirmative action programs; benefits administration outsourcing; HRIS self-service technology; full-time, part-time and interim on-site HR managers; HR audits; legally reviewed employee handbooks and supervisor manuals; talent management and recruiting services; and training of managers and HR professionals.