Connecticut Attorney General Issues Report on Privacy Law Enforcement Priorities
Time 1 Minute Read
Categories: Children’s Privacy, Enforcement, Health Privacy, U.S. State Law

The Connecticut Attorney General’s Office (“OAG”) has released a Report on the status of Connecticut’s Data Privacy Act (“CTDPA”), which took effect on July 1, 2023. The Report covers complaints, inquiries, and early enforcement activities under the CTDPA.

The Report indicates that the OAG has issued over a dozen notices of violation of the CTDPA and a number of broader information requests to companies in a variety of industries, including retail, grocery, fitness, event services, career services, parenting technologies, car companies, genetics testing, and home improvement.

The Report highlights the OAG’s enforcement priorities in the following areas:

  • Privacy policies (e.g., inadequate, confusing, or missing disclosures; ineffective rights mechanisms);
  • Sensitive data (e.g., health data, biometric data, children’s data, and precise geolocation data);
  • Teens’ data (e.g., regarding collection, targeting advertising, consent);
  • Data brokers.

The Report also includes the OAG’s recommendations for strengthening the CTDPA, such as narrowing the law’s entity-level exceptions. The Report is also significant in that the AG’s office notes that it may pursue enforcement against companies already under investigation by the FTC.

Tags: Compliance, Connecticut, Consumer Protection, Data Brokers, Health Data, Personal Data, Targeted Advertising
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company

The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced a settlement with health care software company MMG Fusion to resolve the company’s alleged noncompliance with the HIPAA Privacy, Security and Breach Notification Rules.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data

On March 25, 2026, New Jersey enacted a new law restricting health care facilities’ collection and disclosure of certain patient information, including immigration status, citizenship status, place of birth, Social Security number and individual taxpayer identification number.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
South Dakota Enacts Genetic Data Privacy Act  

On March 23, 2026, South Dakota Governor Larry Rhoden signed Senate Bill 49, a new law designed to “safeguard the integrity, privacy, and security of consumer genetic data,” which takes effect on July 1, 2026.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page