Connecticut Data Privacy & Data Broker Removal

Connecticut has both a comprehensive privacy law and a data-broker registry — putting it in the top tier of US states for privacy protections. Here is what that means for you and how to use it.

Your rights in Connecticut

Connecticut residents are protected by the Connecticut Data Privacy Act (CTDPA).

• Right to Access & Know — Request a copy of the personal information a company holds about you.
• Right to Correct — Request corrections to inaccurate personal information.
• Right to Delete — Ask a company to delete your personal information.
• Right to Data Portability — Get your data in a portable format you can take to another service.
• Right to Opt Out of Sale — Tell a company to stop selling your personal information.
• Right to Opt Out of Targeted Advertising — Stop companies from targeting you with ads based on your personal data.
• Right to Opt Out of Profiling — Stop companies from building a behavioral profile about you.
• Right to Appeal — Challenge a company's decision to deny your privacy request.
• Contest/question profiling (added by SB 1295, effective July 1, 2026)

Does this cover the company that has my data?

Most companies that collect or sell personal data in Connecticut are likely covered.

A company is covered if it meets any of these thresholds:

• Processes personal data of 35,000 or more consumers

How to remove yourself from data brokers in Connecticut

Connecticut gives you more tools than most states. Here is how to use them, ordered from strongest to most practical.

1. Use the data-broker registry

Connecticut requires data brokers to register with the state. The public registry lets you see exactly which companies are collecting and selling your information — and gives you a starting point for individual opt-out requests. Unlike California, Connecticut does not yet offer a single-request deletion mechanism, so you will need to contact each broker separately.

2. Enable Global Privacy Control

Global Privacy Control is a free browser setting that automatically tells every website you visit not to sell or share your data. It takes two minutes to enable and works silently in the background on every site. Connecticut law requires covered businesses to honor it — so this is not just a request, it carries legal weight.

3. Submit direct opt-out requests

For brokers not covered by the registry or GPC, you can submit requests directly. Look for the "Do Not Sell My Personal Information" link in each company's website footer — most major brokers have one. You can also submit formal access, deletion, or correction requests through each company's privacy policy page.

Under Connecticut's law, covered companies must respond within the statutory deadline. If they don't, you have grounds to file a complaint with the Connecticut Attorney General.

4. Automate ongoing removal

Here is the part nobody tells you: even after you complete every step above, brokers re-ingest your information from public records, data-sharing networks, and commercial databases. Within a few months, your profiles reappear. Staying removed from hundreds of brokers is not a one-time task — it is an ongoing commitment that most people cannot maintain manually.

Connecticut's data broker law: what it means for you

Connecticut requires data brokers to register with the state. The registry gives you visibility into who is collecting and selling your information — and a starting point for individual opt-out requests.

• Connecticut data-broker registration under SB 4 / Public Act No. 26-64 ('An Act Concerning Consumer Privacy and Protection'), signed by Gov. Lamont May 27, 2026 (most privacy provisions effective Oct 1, 2026).
• Data-broker regime (confirmed against multiple legal analyses quoting the act, 2026-06-21; verify dollar/date specifics against the chaptered PA 26-64 PDF before publishing as final): (1) brokers may not sell/license brokered personal data in CT on or after Jan 1, 2027 unless registered with the Dept. of Consumer Protection (DCP); registration is annual (expires Dec 31); (2) registration fee $2,500 initial and $2,500 annual renewal; (3) DCP must establish an accessible universal-deletion mechanism (modeled on California's DROP) by July 1, 2028; (4) registered brokers must access that mechanism at least every 45 days and honor verified deletion requests beginning Oct 1, 2028; (5) independent third-party audits every three years beginning by July 1, 2031 (retain reports ≥6 years; produce to DCP within 5 business days).
• Enforcement by DCP, civil penalties up to $200 per day per consumer per violation; no private right of action.

Other privacy protections in Connecticut

Beyond the comprehensive privacy law, Connecticut has additional protections that may apply to you:

• Address Confidentiality Program (Safe at Home) administered by the CT Secretary of the State for DV/stalking survivors.
• Heightened minors' protections (opt-in for under-16 sale/targeted advertising; the PA 23-56 minors provisions effective Oct 1, 2024).
• SB 4 adds facial-recognition signage requirements, surveillance-pricing restrictions, and DTC genetic-testing protections.
• No judicial 'Daniel's-Law' statute identified.
• Biometric data — No standalone biometric statute with a private right of action (biometric data is 'sensitive data' under the CTDPA, AG-enforced).

How to file a privacy complaint in Connecticut

Connecticut Attorney General, Privacy and Data Security Section — https://portal.ct.gov/ag/sections/privacy/the-connecticut-data-privacy-act

Most state agencies enforce privacy laws in the aggregate — they investigate patterns of violations rather than resolving individual disputes. Filing a complaint still matters: it creates a record that helps trigger enforcement actions.

Frequently asked questions

Sources

• cga.ct.gov
• portal.ct.gov
• hunton.com
• privacylaw.proskauer.com