Connecticut Data Privacy Act
Data last verified: March 23, 2026
- Effective Date
- July 1, 2023
- Enforcement Date
- Not specified in statute
Summary
Connecticut Data Privacy Act provides consumers the right to opt out of profiling for significant decisions, requires disclosure of profiling activities, and mandates data protection assessments. SB 1295 (eff. July 1, 2026) expands scope, lowers threshold to 35K consumers, adds LLM training data disclosure, and adds neural data as sensitive data.
Who It Applies To
Applies to businesses processing data of 100,000+ CT consumers, or 25,000+ consumers if deriving 25%+ of gross revenue from the sale of personal data.
- Min Consumers:
- 100,000
Any threshold triggers applicability
Penalties
- Penalty Range
- $0 – $5,000per violation
- Cure Period
- 60-day cure period
- Private Right of Action
- No private right of action
- Enforcement Body
- Connecticut Attorney General
Requirements (3)
- Opt-OutSB 6 Sec. 4(a)(5)(C), Sec. 5 / § 42-518(a)(5)(C), § 42-519
This law provides consumers the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.
- DisclosureSB 6 Sec. 6(c)-(d) / § 42-520(c)-(d)
This law requires controllers to disclose whether they engage in profiling and provide information about profiling activities.
- Impact AssessmentSB 6 Sec. 8(a)-(c) / § 42-522(a)-(c)
This law requires controllers to conduct data protection assessments for processing activities that involve profiling with a reasonably foreseeable risk of harm.
Claire tracks 31 state and local AI laws across 23 US states. No prescriptive federal AI compliance statutes have been enacted. EU AI Act and sector-specific regulations are not covered.
Check if this law applies to your business