The state Senate unanimously approved consumer data privacy legislation April 20.
The version of SB 6 that the Senate sent to the state House followed lengthy negotiations between the bill's advocates and business groups.
CBIA's John Blair described the bill as "a carefully drafted piece of legislation that properly weighs consumer rights versus business interests."
"Without the amendment, SB 6 would have resulted in significant compliance costs for small and large businesses in our state," he said.
"Laws in other states have added millions of dollars in substantial initial and ongoing compliance costs."
The bill allows consumers to see which companies are collecting their data and opt out of the sharing of that information. Consumers under 16 would have to opt in to data collection.
Blair thanked Sen. James Maroney (D-Milford) for steering negotiations on the bill, which includes the following provisions addressing business community concerns:
- Clear, consistent language around use of data modeled off of states like Colorado and Virginia. The consistency from state to state regulation of data is key because any unique legislation adds costs.
- Setting a threshold that any company collecting data and information on 100,000 Connecticut residents in a year is required to comply with this law. That threshold exempts many small businesses from new costs and regulation.
- Favorable legal standards like the right to cure, no private right of action and actual knowledge standards giving complying businesses better protection from costly fees or litigation.
- Key industries where data is already heavily regulated such as insurance, financial services, and healthcare sectors are carved out, along with most government agencies.
- A working group over the next year will study best practices for implementation making sure there is clarity and predictably in complying with the new law.
Blair noted that the original draft of the bill raised concerns that Connecticut businesses would face the same costly compliance costs as those in California following passage of legislation there.
The California Consumer Privacy Act resulted in an estimated $55 billion in initial compliance costs—beginning at $50,000 for companies with 1-20 employees—and an estimated additional $16.5 billion in direct costs by 2030.
Specifically, the costs incurred include attorney fees, software licensing, web services, and employees to address ongoing compliance.
For more information, contact CBIA's John Blair (860.244.1921).