Agency or developer? We're building something exciting for you. Learn more →
Home > Connecticut Data Privacy Act (CTDPA)

The Connecticut Data Privacy Act (CTDPA) is a law that regulates the collection and use of personal information by private companies doing business in the state. The law applies to any company that collects information from residents of Connecticut, regardless of where the company is based. The CTDPA requires companies to disclose what personal information they collect from customers and how they use it, and gives individuals the right to access their own data.

The CTDPA also includes provisions for breach notification, which requires companies to notify affected individuals within 45 days of becoming aware of a breach. If a breach involves sensitive personal information, such as social security numbers or driver’s license numbers, then companies must notify affected individuals within 72 hours.

In addition to these core requirements, there are other provisions that apply only to certain types of businesses, like:

Start building your privacy experience today

Free forever plan available — no credit card required