Summary of Connecticut SB 1108 on Data Privacy
The Connecticut legislature is considering enacting a bill similar to the California Consumer Privacy Act (CCPA) to regulate data privacy in its state. It is Raised Bill No. 1108 – An Act Concerning Consumer Privacy.
The bill is currently before the Connecticut Committee on Government Administration and Elections. A hearing was held this week on the bill, and at least three individuals testified against the bill according to our quick review of the video. We will have a better idea of the overall picture of the testimony on the bill once the transcript of the committee’s public hearing is completed and posted online. The public hearing did not call the individuals for testimony grouped by bill, so the conversation on the proposed law was spread out across the 8 hour hearing.
The testimony centered around a few key issues:
– The California law was rushed and there are around a dozen amendments to fix it, so it is too soon to be a model.
– SB-1108 contains some of the errors that California amended or plans to amend.
– Congress is considering enacting a data privacy law.
There seemed to be some support among the committee for not moving forward on the bill based on the questioning. However, one of the members of the Committee pushed back against the testimony of the business representatives and asked whether they would support a consumer right to access their personal information alone. Additionally, the fact that SB-1108 is a raised bill means that there is at least some support for a new privacy law. The Connecticut government website describes a raised bill as one that was drafted as a result of a committee vote to create a fully drafted bill in formal statutory language on the issue.
The bill gives a consumer the same core privacy rights as California – the right to access the personal information the business has collected, delete any personal information collected from the consumer, and opt out of the sale of their personal information to third parties.
If passed, the law would go into effect on January 1, 2020. The current version does not add in the delayed enforcement which was part of the CCPA amendments in SB-1121. The fact that the timeline for compliance would be shorter than California was pointed out in the testimony. In addition, the bill would give the Commissioner of Consumer Protection only until January 1, 2020 to adopt some of the regulations required – the rules and procedures for a few particular exceptions have a deadline of January 1, 2021.
The consumer privacy bill was considered by the Government Administration and Elections Committee in the same public hearing as it considered a bill to prohibit the release of information in its voter database to commercial entities and news organizations. The voter privacy bill would continue to allow political parties and campaigns to request and use the information.
Other Relevant Posts:
Maine Considering LD 946 to Protect Privacy of ISP Customers
Illinois House Passes Data Transparency and Privacy Act; Senate Passes KIDS Act
Texas Considers Consumer Privacy Act and Privacy Protection Act
Update: Special Session of Appropriations Committee Saves Washington Privacy Act for Another Week
No Washington Privacy Act This Year?
Washington Privacy Act – Initial Look at the Current House Version
Summary of Public Hearings on Maryland Online Consumer Protection Act
Summary of Washington Privacy Act After State Senate Passes
Florida Legislature Considers Biometric Information Privacy Act
Maryland Considering SB613 / HB0901 – Online Consumer Protection Act
With SD341, Massachusetts Joins States Considering CCPA-like Data Privacy Laws
Public Hearing on Washington Privacy Act (SSB 5376) in Senate Ways & Means – More Work to Be Done?
State CCPA Privacy Bills in Rhode Island, Hawaii and New Jersey
North Dakota Considers Study on Privacy Practices of Data Brokers