Connecticut Data Privacy Act (CTDPA)
The Connecticut Data Privacy Act (CTDPA), signed into law in June 2022 and effective July 1, 2023, establishes comprehensive consumer privacy rights for Connecticut residents. It provides rights to access, delete, correct, and opt out of the sale of personal data and targeted advertising. The law applies to any entity that conducts business in Connecticut or processes the personal data of Connecticut residents, regardless of where the entity is located.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (6)
CTDPA: Consumer Rights (42-518)
| Code | Title |
|---|---|
| CTDPA-42-518-ACCESS | Right to Confirm and Access |
| CTDPA-42-518-AUTHAGENT | Authorized Agents |
| CTDPA-42-518-CORRECT | Right to Correct |
| CTDPA-42-518-DELETE | Right to Delete |
| CTDPA-42-518-OPTOUT | Right to Opt Out |
| CTDPA-42-518-PORT | Right to Data Portability |
| CTDPA-42-518-RESPONSE | Response Timeline and Appeal |
| CTDPA-42-518-UOOM | Universal Opt-Out Mechanism |
CTDPA: Controller Duties (42-520)
| Code | Title |
|---|---|
| CTDPA-42-520-CHILDREN | Children's and Minors' Data |
| CTDPA-42-520-CONSENTREVOKE | Consent and Revocation (No Dark Patterns) |
| CTDPA-42-520-NONDISCRIM | Non-Discrimination |
| CTDPA-42-520-PRIVNOTICE | Privacy Notice |
| CTDPA-42-520-PURPLIMIT | Purpose Limitation and Data Minimization |
| CTDPA-42-520-SALEDISC | Sale and Targeted-Advertising Disclosure |
| CTDPA-42-520-SECONDARY | No Secondary Use Without Consent |
| CTDPA-42-520-SECURITY | Reasonable Security Practices |
| CTDPA-42-520-SENSITIVE | Sensitive Data Opt-In Consent |
CTDPA: Data Protection Assessments (42-522)
| Code | Title |
|---|---|
| CTDPA-42-522-DPA | Data Protection Assessments |
CTDPA: Definitions, Scope and Exemptions (42-515 to 517)
| Code | Title |
|---|---|
| CTDPA-42-515 | Definitions |
| CTDPA-42-516 | Applicability Thresholds |
| CTDPA-42-516-EXEMPT | Entity and Data Exemptions |
CTDPA: Enforcement and Amendments (42-525; PA 23-56)
| Code | Title |
|---|---|
| CTDPA-42-525-AGENFORCE | Exclusive Attorney General Enforcement |
| CTDPA-42-525-CHD | Consumer Health Data (PA 23-56) |
| CTDPA-42-525-CURE | Cure Period (Sunset 31 Dec 2024) |
| CTDPA-42-525-GEOFENCE | Geofencing Prohibition Near Health Facilities (PA 23-56) |
CTDPA: Processor and De-identified Data (42-521/523)
| Code | Title |
|---|---|
| CTDPA-42-521-DEIDENT | De-identified and Pseudonymous Data |
| CTDPA-42-521-PROCESSOR | Processor Obligations and Contracts |
Your Compliance Coverage
If you comply with Connecticut Data Privacy Act (CTDPA), you already cover:
Maps to 3 other frameworks
Frequently Asked Questions
What is Connecticut Data Privacy Act (CTDPA)?
Connecticut Data Privacy Act (CTDPA) is a compliance framework from United States — Connecticut with 6 domains and 27 controls. The Connecticut Data Privacy Act (CTDPA), signed into law in June 2022 and effective July 1, 2023, establishes comprehensive consumer privacy rights for Connecticut residents. It provides rights to access, delete, correct, and opt out of the sale of personal data and targeted advertising. The law applies to any entity that conducts business in Connecticut or processes the personal data of Connecticut residents, regardless of where the entity is located. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Connecticut Data Privacy Act (CTDPA) have?
Connecticut Data Privacy Act (CTDPA) has 27 controls organised across 6 domains. The largest domains are CTDPA: Controller Duties (42-520) (9 controls), CTDPA: Consumer Rights (42-518) (8 controls), CTDPA: Enforcement and Amendments (42-525; PA 23-56) (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Connecticut Data Privacy Act (CTDPA) map to?
Connecticut Data Privacy Act (CTDPA) maps to 3 other compliance frameworks. The top mapping partners are GDPR (33% coverage), CCPA/CPRA (33% coverage), COPPA (4% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Connecticut Data Privacy Act (CTDPA) compliance?
Start your Connecticut Data Privacy Act (CTDPA) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Connecticut Data Privacy Act (CTDPA) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 27 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.
Get Started Free →Free forever — no credit card required