Connecticut Data Privacy Act (CTDPA)

Regulation: Connecticut Data Privacy Act
Abbreviation: CTDPA
Governs these parties: all legal entities conducting business in Connecticut or delivering products or services targeted to Connecticut residents
Enforced by: the office of the Attorney General (OAG)

The Connecticut Data Privacy Act (CTDPA) obligates data controllers to fulfill certain basic data protection principles, such as data minimization and purpose limitation. The collection of data has to be limited to the extent, “adequate, relevant, and necessary” for the purposes of the data processing, and personal data must not be processed for purposes that are neither reasonably necessary nor compatible with the disclosed purposes unless the consumer has consented to it.

In order to comply with the CTDPA requirements, organizations processing information on Connecticut residents or doing business in Connecticut must establish, implement, and maintain reasonable administrative, technical and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data appropriate to the volume and nature of the personal data at hand.   

The rest of this document is designed to help our community understand CTDPA better by outlining the following information:

• How it relates to cybersecurity
• How Coro handles compliance for you

How it relates to cybersecurity

Governed entities must establish, implement and maintain reasonable administrative, technical and physical security practices to protect the confidentiality, integrity and accessibility of the personal data that they handle. These practices must take into account the volume and nature of the personal data in question.

How Coro handles compliance for you

At Coro, we’ve done the research thoroughly and regularly track updates to the regulation in order to ensure that you are implementing best practices in the areas we cover when we’re protecting your systems.

The following table outlines the requirements described by CTDPA that Coro implements in conjunction with Microsoft 365 or Google Workspace.

Disclaimer: this table does not guarantee that your organization is compliant with these regulations. As a best practice, seek assistance from a certified auditor when completing your analysis.