The Connecticut Data Privacy Act brings new standards to data privacy
On May 10, 2022, Connecticut became the fifth US state to sign into law a comprehensive consumer privacy legislation. Most provisions of the Connecticut Data Privacy Act (CTDPA) will go into effect on July 1, 2023, along with the Colorado Privacy Act (CPA) on the same day. The law includes many of the same rights, obligations, and exceptions as consumer privacy laws already on the books in California, Colorado, Utah, and Virginia – Connecticut goes a bit further. Connecticut introduced new standards not seen in the data privacy world and addresses some controversial topics – like dark patterns.
Provide an effective mechanism to revoke the consumer’s consent
Controllers must provide a mechanism to revoke consumer consent that is “AT LEAST AS EASY” as the mechanism by which the consumer provided the consumer consent. Upon revocation of consent, controllers are to cease the processing of data as soon as practicable, but effective no later than 15 days. That’s not 15 business days as many other US privacy laws allow.
Enforcement of a mechanism that allows easy consumer consent and revocation of that consent directly targets a key dark pattern – Obtaining a consumer’s ‘consent’ with an easy click of a button but preventing a consumer from rescinding consent without jumping through hoops, answering questions, calling a help desk, and being deterred with negative, manipulative language. Before this rule, this dark pattern wasn’t illegal. This will make corporations rethink language and application mechanisms for consumer data retention.
Request a copy of Clarip’s whitepaper on Dark Patterns
Exclusion of persons subject to the law for the purpose of processing payment transactions
Connecticut defines a logical reason an organization can deny deletion of personal data – payment processing. It’s understood that most organizations collect personal data primarily for payment purposes, especially for persons submitting orders for goods or services that need fulfilled. Naturally, organizations need to hold onto this information for a set period – during the preceding calendar year.
Stronger protection of trade secrets
Under the law, a consumer has the right to confirm whether or not a controller is processing the consumer’s personal data and access such personal data, unless such confirmation or access would require the controller to reveal a trade secret.
Task force charged with making recommendations about Children’s Privacy, Algorithmic Bias and Other Privacy Issues
No later than September 1, 2022, the chairpersons of the joint standing committee of the General Assembly is required to jointly appoint the members of the task force. The task force must have representatives from business, academia, consumer advocacy groups, small and large companies, and the office of the Attorney General – a diverse representation of the state of Connecticut.
The task force is charged with studying specific privacy issues and making recommendations for the betterment of the state – such as information sharing among health care providers and social care providers, and the elimination of health disparities and inequities across sectors. Also, the task force is to make recommendations concerning the proper use of data to reduce bias in algorithmic decision-making. Lastly, the possible legislation to require an operator, upon a parent’s request, to delete children’s online accounts, and age verification of children who create social media accounts. The task force has until January 1, 2023 to submit a report on its findings and recommendations to the joint standing committee of the General Assembly.
With Clarip’s Privacy Impact Assessments, Privacy Intelligence Dashboard, Rules Engine, Vendor Monitor, and Reports Dashboard, we can help you uncover, understand the data you hold, and mitigate data risks. Allow customers to submit, revoke and update granular consent with Clarip Consent Management. Clarip takes enterprise privacy governance to the next level and helps organizations reduce risks, engage better, and gain customers’ trust! Contact us at www.clarip.com or call Clarip at 1-888-252-5653 for a demo.
Email Now:
Mike Mango, VP of Sales
mmango@clarip.com