Client Alerts & Insights
Connecticut Attorney General Issues $85,000 Penalty for Deficient Privacy Policies
July 18, 2025
Authored By:
In its first fine for violations of the Connecticut Data Privacy Act (“CDPA”), the state’s omnibus data privacy law, the Connecticut Attorney General (“CT AG”) chose to make an example of deficient privacy notices.
Nearly two years to the effective date of the CDPA, the CT AG issued the first monetary penalty for violations, an $85,000 settlement with TicketNetwork (“TN”), an online event tickets marketplace, for failure to cure privacy notices deficient under the CDPA’s requirements despite the CT AG’s continued outreach since 2023. This serves as a reminder that state-by-state compliance with privacy and other consumer protection laws is the new normal for businesses operating in the U.S.
Similar to other state omnibus data privacy laws enacted in the last decade, the CDPA empowers Connecticut consumers with certain rights to their data (the right to access, correct, and delete personal data stored and collected by businesses as well as the right to opt-out of the sale of personal data and targeted advertising). Generally speaking, the CDPA requires Connecticut businesses that process certain volumes and types of Connecticut consumer data to provide those consumers (specifically through privacy policies and embedded opt-out mechanisms) with the knowledge of and the means by which data rights may be enforced through the business.
TN’s privacy policies did not meet the CDPA’s requirements. According to the CT AG’s statement, the agency flagged TN’s privacy policy as “largely unreadable, missing key data rights, and contained rights mechanisms that were misconfigured or inoperable” in November 2023. By January 1, 2025, when a right to cure expired for violations under the CDPA, TN remained the only business that had not corrected deficiencies identified by the CT AG during the four “privacy notice sweeps” conducted since 2023.
The CT AG’s settlement is a reminder that while compliance with the patchwork of U.S. privacy laws may be costly and cumbersome, the risks and consequences of non-compliance continue to increase as more states enact omnibus data privacy laws and related consumer protections that step in where the federal government has declined or failed to take action. Maintaining a proactive data compliance program that can effectively and timely respond to changes in the law, agency, and consumer complaints is critical.
Latest News
Customs Duty Assists: Regulatory Compliance Overview and FAQ
Customs compliance and enforcement defense are high-profile exercises within U.S.-based importers due to the higher-risk regulatory enforcement environment. One of the more complex hot topics facing compliance and legal professionals within importers of record (IORs) is the degree to which “assists” impact dutiable value, and therefore duty burden, in the eyes of U.S. Customs and Border Protection (CBP).
TSA Authorized Representatives—Emerging Practice of Engaging Freight Brokers and Its Practical Implications
Air transportation safety has long been of critical supply chain importance and geopolitical significance, and that role is growing. Supply chain constraints over this decade have driven a need for adaptation, modal diversification and cost containment. To do so, authorized air cargo providers have increasingly explored new ways to add capacity for regulated surface transportation.
Chameleon Carriers—FMCSA’s “Reincarnated” Rule and Enforcement
As the U.S. DOT and its FMCSA ramp up certain elements of domestic enforcement, regulators are utilizing existing laws and regulations that previously were not often invoked. Enforcement of the English language proficiency requirement is one great example.
What’s Old Is New Again: Broker Liability Insulation from the Case Law in the Post-Montgomery Era
The Supreme Court has spoken in its Montgomery v. Caribe Transport decision, and the brokerage sector, and even shipper and motor carriers, are working toward adapting to this “new liability regime.”