Connecticut Attorney General William Tong recently announced his office’s first enforcement action for violations of the Connecticut Data Privacy Act.
“This law has now been in effect for two years,” Tong said in a statement, which noted an $85,000 fine. “There is no excuse for continued non-compliance, and we are prepared to use the full weight of our enforcement authority to protect consumer privacy.”
What are we discussing with our clients?
Per Tong:
- If you get a notice of violation from an AG, take it seriously and cooperate — even if it is within the “right to cure term.”
- Take another look at your privacy notice to make sure that it meets with the state laws’ disclosure requirements and describes the data collection and sharing in a clear (and non-vague) way.
- The CT AG has issued four “privacy notice sweeps,” consisting of over two dozen cure notices in total. All were aimed at addressing privacy notice deficiencies.
- Make sure you include all relevant data rights.
- Make sure your rights mechanisms are fully functional and correctly configured.
[View source.]