Privacy & Information Security Law Blog

On July 8, 2025, Connecticut Attorney General William Tong announced a settlement with TicketNetwork for alleged violations of the Connecticut Data Privacy Act (“CTDPA”). According to the Attorney General’s press release, the Office of the Attorney General (“OAG”) first sent a “cure notice” to TicketNetwork on November 9, 2023.  In that notice the OAG alleged that the company’s privacy notice was deficient under the CTDPA and provided the company with an opportunity to cure the alleged violation. In particular, the OAG alleged that the company’s privacy notice was largely unreadable, missing key data rights and contained rights mechanisms that were misconfigured or inoperable. 

The CTDPA previously provided businesses with a cure period of 60 days, and, according to the OAG, TicketNetwork did not resolve the alleged violations until “well beyond the cure period.”  The OAG also stated in its press release that the company “repeatedly represented that they had resolved deficiencies when they had not done so, and failed to timely respond to follow-up correspondence.” Under the settlement, TicketNetwork has agreed to comply with the requirements of the CTDPA, maintain metrics for consumer rights requests received under the CTDPA, provide a report of these metrics to the OAG and pay $85,000.

Importantly, the CTDPA’s cure period expired on January 1, 2025 and the OAG’s press release makes clear that the OAG is focused on enforcing the law’s transparency requirements.