§ 42-520StatuteReference only

Duties of Controllers

Effective July 1, 2023Reviewed July 2026

Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.

What it requires

Requires data minimization, security safeguards, detailed privacy notices, and explicit consent for processing sensitive data. Also includes requirements for revoking consent.

Legal text (excerpt)

A controller shall: (1) Limit the collection of personal data to what is adequate, relevant and reasonably necessary... (3) Not process sensitive data... without obtaining the consumer's consent...

Connecticut Data Privacy Act: § 42-520, Statute, effective 2023

Primary source

Connecticut Office of the Attorney General: § 42-520: Duties of Controllers

Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.

Stop Guessing. Start Knowing.

Find out exactly where your website stands before a regulator does.

Get My Compliance Audit