Connecticut has enacted a comprehensive consumer data privacy law, becoming the fifth state in the US to do so. The law, signed by Governor Ned Lamont on May 10, 2022, is called Senate Bill 6 and will take effect on July 1, 2023. It shares similarities with existing privacy laws in California, Colorado, Utah, and Virginia but also includes some unique provisions. Organizations have approximately 14 months to comply with the new regulations.
According to News 12, Connecticut Governor Ned Lamont has signed a cybersecurity law aimed at incentivizing companies to enhance their cybersecurity measures. The law states that companies adhering to a cybersecurity program incorporating administrative, technical, and physical safeguards for personal or restricted information will be exempt from punitive damages in the event of a data breach lawsuit. Beatriz Gutierrez, President and CEO of CONNSTEP Business Consulting, emphasized the importance of preparedness and highlighted the resources available to manufacturers and small businesses to strengthen their cybersecurity practices.
During a special legislative session on June 18, Connecticut's assembly passed Senate Bill 1202, which focused on implementing the state budget. However, this came at the expense of a comprehensive privacy bill, SB 893, which was removed from consideration after an amendment was passed in the Connecticut House. The Senate had previously approved the version of SB 1202 that included the privacy provisions, but they were ultimately stripped away.
Senate Majority Leader Bob Duff, a Democrat, expressed disappointment at the removal of the privacy bill, recognizing the significance of protecting consumer privacy. He acknowledged the challenges faced in advocating for privacy rights, with powerful lobbyists exerting influence against such measures. Despite this setback, Duff remains determined to continue the fight for privacy, believing that ultimately, the right to privacy would prevail.
Connecticut Attorney General William Tong emphasizes the importance of addressing the anti-competitive aspects of big data and ensuring that evolving technologies, such as artificial intelligence and facial recognition software, are regulated to prevent privacy and civil rights violations. Connecticut has been at the forefront of privacy initiatives, establishing a dedicated privacy task force and a standalone Privacy and Data Security Department. Attorney General Tong, elected in 2018, continues to champion privacy rights and currently co-chairs the National Association of Attorneys General's Internet Safety and Cyber Privacy Committee.
Connecticut Attorney General George Jepsen's office has been a trailblazer in state-led privacy enforcement efforts, establishing a dedicated privacy unit in 2011. Connecticut is recognized as one of the most proactive states in privacy policy and legal enforcement. The state's AG office was the first to exercise jurisdiction under the federal HITECH Act of 2009, which empowers state AGs to enforce federal privacy and security regulations for protected health information. AG Jepsen shares insights into Connecticut's leadership in privacy matters, emerging trends in state privacy law, and the collaborative relationship with the Federal Trade Commission (FTC) in this Q&A.