Unlock unlimited alerts, exports & API access — RuleWatch Pro at $29/mo

Regulation dossier

Connecticut, United States

Connecticut Data Privacy Act

PrivacyIn Effect

A focused view of the rule, its enforcement posture, and the timeline teams should keep in their operating plan.

Plain-English summary

What this regulation means

Built for operators

Connecticut gives residents rights to access, correct, delete, and port personal data, and to opt out of targeted advertising, sale, and certain profiling. Covered controllers must limit collection to what is reasonably necessary, conduct data protection assessments for higher-risk processing, and obtain consent for sensitive data. The statute also added stronger youth-protection rules beginning in 2025.

Reading guide

Use the timeline below to see how the rule progressed from enactment to current obligations.

Related regulations surface adjacent requirements in the same jurisdiction or policy lane.

Timeline

Regulatory lifecycle

Sequence: In Effect -> Minor Protections Expand
  1. 1

    Jul 1, 2023

    In Effect

    Connecticut's general privacy rights and controller obligations became effective.

  2. 2

    Jan 1, 2025

    Minor Protections Expand

    Additional youth-design and data-processing restrictions took effect under Connecticut's privacy law.

Pro feature

📊 Stay ahead of this regulation

Get email alerts when this regulation changes and export records to CSV for your compliance workflow — available with RuleWatch Pro.

  • →Email alerts when this regulation is updated or enforced
  • →Export to CSV or JSON for compliance reporting
  • →API access to integrate regulation tracking into your workflows
See what's included

Subscribe for regulation alerts

Get alerts for this regulation →

Free weekly digest for compliance professionals following material legal changes.

No spam. Professional updates only.

Free to join. Unsubscribe anytime.

Related regulations

What else belongs on the watchlist

Pulled from the same jurisdiction or category so teams can compare adjacent obligations quickly.

Indiana, United States

Indiana Consumer Data Protection Act

PrivacyIn Effect

Indiana gives consumers rights to confirm processing, access data, correct inaccuracies, delete certain personal data, obtain portable copies, and opt out of targeted advertising, sale, and profiling. It applies to businesses that meet threshold tests and requires clear notices, purpose limitation, security safeguards, and contracts with processors. The attorney general enforces the law after a cure process.

Effective
Jan 1, 2026
View detail

New York, United States

New York Child Data Protection Act

PrivacyIn Effect

New York requires operators of covered online sites, services, and connected devices to provide privacy-by-default protections for minors and to limit data processing unless a statutory exception applies. It affects operators directed to children or that know a user is under 18, with special focus on profiling, data transfers, and persistent identifiers.

Effective
Jun 20, 2025
View detail

Iowa, United States

Iowa Consumer Data Protection Act

PrivacyIn Effect

Iowa gives consumers rights to know whether personal data is processed, access and delete data they provided, and obtain a portable copy, while also allowing opt outs from data sale. It applies to controllers that meet volume thresholds and focuses on privacy notices, reasonable security, and processor contracts. Compared with some other state privacy laws, it is narrower on correction and sensitive-data consent requirements.

Effective
Jan 1, 2025
View detail