This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| less than a minute read

Connecticut Data Privacy Act Amended to Include Health Data Protections

The Connecticut Governor recently amended the Connecticut Data Privacy Act (CTDPA), the state's comprehensive consumer privacy law, to include obligations and restrictions on collecting, processing, sharing, and selling of consumer sensitive and consumer health data. I think that many of the current slate of state privacy laws provide exemptions for nonprofits and businesses collecting data under certain thresholds. However, the CTDPA amendments do not mirror such exceptions. The new provisions regulate any entity that processes health data about Connecticut residents. 

As the amendments went into effect on October 1, 2023, companies should reevaluate their compliance programs to focus on the privacy and security of consumer health data. 

Companies should consider whether they are in scope of these new amendments. Particularly, companies should be mindful that the consumer health data provisions apply to a wide range of businesses, not just those that are regulated by HIPAA.


corporate, cybersecurity & privacy