Connecticut small businesses face huge compliance costs if the General Assembly approves sweeping consumer privacy legislation.

SB 134, currently under consideration by the legislature's General Law Committee, is modeled on the California Consumer Privacy Act.

The bill, which features a broad definition of personal information, requires employers to respond to consumer requests for personally identifiable data collected by the business. 

CBIA's Shannon King told committee members an analysis of the California law prepared for that state's Attorney General's Office found companies with as few as one employee faced initial compliance costs of $50,000.

"Businesses with 100 or less employees would incur $100,000 and businesses with 500 or less employees would incur $450,000 in compliance costs," she testified Feb. 25.

Complying with the California law will initially cost companies with more than 500 employees $2 million.

Penalties

SB 134 also subjects small businesses to significant penalties—up to $7,500 per violation—if they fail to comply with its requirements.

The legislation impacts firms that process as few as 137 daily credit card transactions and accept just $12 from state residents.

"The cost of initial and ongoing compliance with this legislation threatens operations for small businesses, startups, and entrepreneurs," King said.

Consumer privacy legislation should be crafted at the federal level, ensuring transparency, uniformity, and data protection.

"Small businesses will likely also have to limit or forgo investments such as hiring new workers and expanding their facility and product and service offerings."

King said while employers recognize the growing importance of consumer privacy, states should defer to the federal government.

"Consumer privacy legislation should be crafted at the federal level, ensuring transparency, uniformity, and protections against data misuse and cybersecurity threats," she said.


For more information, contact CBIA's Shannon King (860.331.0712) | @shannoneking53