Connecticut state agencies must meet accessibility standards aligned with Section 508 and WCAG guidelines.
Connecticut Accessibility & Privacy Laws
Connecticut has enacted both accessibility requirements for state agencies and the Connecticut Data Privacy Act (CTDPA), effective July 1, 2023. The CTDPA includes unique loyalty program protections and requires businesses to honor universal opt-out mechanisms.
→
Accessibility Standards
State Requirements
→
Privacy Law
CTDPA
Comprehensive consumer privacy rights with unique loyalty program protections and universal opt-out support.
Connecticut Accessibility Requirements
Connecticut requires state agencies to ensure their digital services are accessible to people with disabilities, following Section 508 and WCAG 2.0 Level AA standards.
Covered Entities
- Connecticut state government agencies
- State contractors and vendors
- Public educational institutions
- Local government entities
Connecticut Data Privacy Act (CTDPA)
The CTDPA became effective July 1, 2023, providing comprehensive privacy protections to Connecticut residents.
Who Must Comply?
Businesses that conduct business in Connecticut or target Connecticut residents AND:
- Control or process personal data of at least 100,000 Connecticut consumers (excluding payment transaction data), OR
- Control or process personal data of at least 25,000 consumers and derive more than 25% of gross revenue from the sale of personal data
Consumer Rights Under CTDPA
| Right | Description |
|---|---|
| Right to Access | Confirm processing and access personal data |
| Right to Correct | Correct inaccurate personal data |
| Right to Delete | Delete personal data |
| Right to Portability | Obtain data in portable format |
| Right to Opt Out | Opt out of targeted advertising, sale of data, and profiling |
Unique Features
- Loyalty Program Protections: Special provisions for loyalty programs that don't apply data access restrictions
- Universal Opt-Out: Requires honoring Global Privacy Control (GPC) signals starting January 1, 2025
- Nonprofit Exception: Limited exemption for nonprofits
Sensitive Data
CTDPA requires opt-in consent before processing sensitive personal data, including:
- Racial or ethnic origin
- Religious beliefs
- Mental or physical health condition or diagnosis
- Sex life or sexual orientation
- Citizenship or immigration status
- Genetic or biometric data
- Personal data from a known child (under 13)
- Precise geolocation data
Enforcement
| Aspect | Details |
|---|---|
| Enforcing Authority | Connecticut Attorney General (exclusive enforcement) |
| Cure Period | 60 days (expires December 31, 2024) |
| Penalties | Up to $5,000 per violation under CUTPA |
| Private Right of Action | No private right of action |