Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.
Class Action U Logo
Check Your Eligibility

Connecticut Privacy Laws

Connecticut has several laws that protect consumers’ personal data from unauthorized access, sale, or misuse. The Connecticut Data Privacy Act (CTDPA) gives residents the right to access, correct, delete, and obtain a copy of certain personal data collected by covered businesses. It also allows consumers to opt out of the sale of their personal data, targeted advertising, and certain types of profiling. Connecticut law also places additional restrictions on the processing of sensitive data, including children’s data, and recent amendments have expanded or will expand privacy protections in several areas.
Check Your Eligibility
the image visually represents legal concepts related to privacy rights, regulations, and enforcement
  • June 24, 2026
  • Key Takeaways
  • In Wisconsin, there is no comprehensive data protection law like those of California, Illinois, Oregon, and several other states. However, certain Wisconsin state statutes and federal regulations combine to give consumers basic protections.
  • Wisconsin data breach notification laws require businesses and government entities that experience data breaches to notify consumers within 45 days, unless the breach poses no real threat of fraud or identity theft.
  • Protected personal information in Wisconsin includes names, government-issued identification numbers, financial account information, biometric data, and other sensitive details.
  • Victims of data breaches in Wisconsin have the right to seek compensation, sometimes via a class-action lawsuit.

When a data breach affects Connecticut residents, the state’s breach notification law may require businesses to notify affected consumers and the Connecticut Attorney General. Although the CTDPA does not create a private right of action, victims of data breaches may still have legal options for pursuing compensation under other laws.

Scope and Applicability of the Connecticut Data Privacy Act

In 2022, Connecticut became one of the first U.S. states to pass a comprehensive consumer privacy law. The CTDPA gives residents certain rights over their personal data and establishes privacy obligations for covered businesses. As of January 1, 2025, covered businesses must also recognize universal opt-out preference signals from Connecticut consumers.

The CTDPA generally applies to businesses that operate in Connecticut or target Connecticut residents and, during the preceding calendar year, controlled or processed the personal data of either at least 100,000 consumers or at least 25,000 consumers while deriving more than 25% of their gross revenue from the sale of personal data. Separate Connecticut privacy laws, like Senate Bill 4, as well as recent amendments may impose additional requirements on certain businesses that handle consumer health data, children’s data, biometric data, genetic data, precise geolocation data, or other sensitive information.

What Data Is Covered and What Is Exempt?

Under the CTDPA, personal data is any information that can be linked to an identifiable individual, excluding publicly available information. This can include addresses, driver’s license or state ID numbers, passport information, bank account numbers, login credentials, payment card information, and more. Sensitive data reveals race, ethnicity, religion, health conditions, sexual orientation, citizenship, health data, genetic or biometric data, precise geolocation data, and data from known children under 13. Residents acting in an individual or household context are protected under the CTDPA, but individuals acting in an employment context are not.

View Active Data Breach Investigations

Arrow 1

Consumer Rights Under Connecticut Law

The CTDPA grants several rights to Connecticut residents regarding their personal data, including the rights to access, correct, and delete their collected data, as well as the right to opt out of the sale of their data for targeted advertising. Additionally, businesses must get explicit consent from consumers before collecting sensitive data.

Right to Access and Correct Personal Data

Connecticut residents have the right to ask businesses to allow them to access their data and correct any inaccuracies.

Right to Delete Personal Data

Connecticut residents have the right to delete their personal data collected by businesses, including data collected through third parties.

Right to Opt Out of Sales and Processing

Consumers can opt out of the sale of their personal data, the processing of the data for targeted advertising, and profiling. This is especially important for sensitive data.
Experienced a BREACH?
Get Help Now
CAU logo
Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.

Recent Amendments and Legislative Updates

Several recent laws have been enacted in Connecticut to further protect residents’ data. Senate Bill 1295, signed in June 2025, expanded the Connecticut Data Privacy Act to further protect consumer data, especially that of minors.

Additionally, the governor signed Senate Bill 4 in May 2026, approving a far-reaching measure to expand consumer privacy laws and data regulatory requirements for Connecticut employers. The law will restrict certain surveillance-based pricing practices, impose new regulatory obligations on data brokers, and establish additional statutory requirements for biometric, genetic, and location data.

Enforcement and Penalties

The CTDPA does not include a private cause of action, but the Connecticut Attorney General can take enforcement action for noncompliant businesses. Violations may merit civil penalties of up to $5,000 per violation under the Connecticut Unfair Trade Practices Act, as well as injunctive relief, restitution, and disgorgement. These enforcement actions are designed to both protect consumers and discourage businesses from engaging in unsafe data security practices.

Connecticut Data Privacy Laws in the Broader U.S. Context

Because there is no comprehensive federal data privacy law, individual states are left to enact their own data protections for residents, though several key federal laws still influence data protection in specific industries such as healthcare, finance, and children’s services. Connecticut was among the first states to enact a wide-reaching data protection law to safeguard consumers’ personal information and outline security requirements for businesses.

Recent Data Breaches Affecting Connecticut Residents

Brightstar Data Breach (2025)

Brightstar Lottery Group, a gaming and lottery technology vendor, experienced a data breach in 2025 that affected nearly 550 Connecticut residents. The company collected personal information from prize winners, which was compromised in a data breach. However, most of the impacted individuals were Brightstar employees.

Community Health Center Data Privacy Breach (2024)

Community Health Center, a nonprofit healthcare provider in Middletown, Connecticut, experienced a data breach in October 2024 that affected over 1 million individuals. The provider identified unauthorized activity in its computer systems in January 2025, and subsequent investigations confirmed that a criminal hacker had stolen data from the network. Patients’ information, including names, addresses, contact information, dates of birth, health information, and Social Security numbers, was accessed without consent.

Prospect Medical Holdings Hospitals Breach (2023)

In the summer of 2023, three Connecticut hospitals owned by Prospect Medical Holdings were crippled by a data breach for over 40 days. The cyberattack affected Manchester Memorial Hospital so severely that it had to stop receiving new patients. Rockville General and Waterbury hospitals were also affected.

Comstar Data Breach (2022)

In January 2026, the ambulance billing vendor Comstar agreed to pay a total of $515,000 to Connecticut and Massachusetts for failing to protect patients’ sensitive information during a 2022 data breach. The breach affected about 330,000 Massachusetts residents and 23,000 Connecticut residents.

Start Your Data Breach Claim

Steps To Take If Your Data Has Been Compromised In Connecticut

After you receive notice that your data has been compromised, in Connecticut, check your credit report, financial accounts, and other records to ensure your information is not being used. Consider changing affected passwords and signing up for free credit monitoring.

In Connecticut, victims of data breaches may have multiple options for taking legal action and recovering compensation for their losses, depending on the nature of their claim. You may be eligible to file an individual lawsuit, join or start a class action lawsuit, or file a demand in a mass arbitration action. Class Action U may be able to connect you with an experienced data breach lawyer to learn more about your legal options for seeking justice and compensation.

Seeking Justice: Next Steps for Victims of Data Breaches in Connecticut

Connecticut’s data privacy laws help protect consumers’ personal information from theft and unauthorized use. If you believe a corporation mishandled your data in Connecticut, or if you have received a data breach notification, contact Class Action U today to see if you qualify for a legal claim.

Were you recently affected by a data breach? 
Contact Us Today
Related Pages
Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.