Blog

Category Archives: Internet

July 22, 2022

Connecticut Personal Data Privacy Law – What to Know

Connecticut passed a personal data privacy law this year. Here’s what businesses should know.

  • The law includes industry-specific and data-specific requirements, so business-specific analysis is required.
  • The law takes effect July 1, 2023, so there is time to prepare.
  • The law applies only to businesses possessing data of 100,000 or more CT consumers (if the business earns more than 25% of revenue from the sale of consumer data the number is 25,000). Non-profits, institutions of higher education and certain financial businesses subject to other regulations are exempt. HIPAA and other medical information, credit information, and certain other categories of information are exempt.
  • Businesses must disclose: the categories of personal data they process and the purpose of the processing; whether the business shares or sells personal data; and how consumers can access, modify, delete, or opt-out of use of their data.
  • Businesses must allow consumers to access their data, request copies, correct inaccuracies, and delete their personal data, and must comply with requests within a reasonable time, presumptively 45 days.
  • Businesses must employ “reasonable” security practices to protect consumer data and document those measures with respect to data that could be especially harmful to consumers if disclosed. That includes data used for targeted advertising or profiling.
  • Use of consumer data to improve functionality is permitted.
  • More strict requirements apply to child data.
  • There is no private right of action for violation of the law. Only the Connecticut Attorney General can enforce it. That means businesses will not be flooded with class action and contingent fee lawsuits on day one, and until 2025 the AG is required to give 60-day notice of any violation and an opportunity for the business to cure it before bringing suit.
  • Violation of the law is a violation of CUTPA, the Connecticut Unfair Trade Practices Act, for which remedies include punitive damages and attorneys’ fees.
  • Connecticut joins California, Nevada, Maine (limited to ISPs), Colorado, Utah and Virginia in enacting specific data privacy laws. The California, Nevada and Maine laws already are in effect. The rest take effect beginning 2023. Many of the laws are similar, but not identical, so if you have customers in all those states, you should know all those laws.

You can read the Connecticut law here.

May 4, 2015

Clickwraps and Browsewraps: What’s the Difference?

Clickwrap and browsewrap agreements are documents typically used by website owners to mandate the terms on which users may access their websites. The difference between the two is the manner in which the user agrees to the terms. Clickwrap agreements require an overt act of consent by the user. Typically, the user must click a button to signify acceptance. Browsewrap agreements do not require any overt consent. Rather, the website owner posts the terms of use on the site and asks that users not access the site unless they agree to those terms.

Courts treat the two differently because of the difference in the manner in which the user accepts the terms. Clickwrap agreements are generally enforceable because the user’s click is an affirmative act indicating acceptance. The enforceability of browsewrap agreements depends on the prominence of the browsewrap terms. The more prominently the terms are displayed, the more likely a court will rule that users are bound because they must have seen the terms (or deliberately ignored them) and therefore a user’s continued use of the site demonstrates consent to the terms.