The 2026 amendments to the Connecticut Data Privacy Act expand the definition of sensitive data to include government identification information such as Social Security numbers, passport numbers, and state identification numbers. The amendments remove the entity-level GLBA exemption for financial institutions, meaning banks and financial services companies that were previously exempt must now comply with CTDPA requirements for consumer data processing. Most significantly, the amendments require all covered controllers to recognize Universal Opt-Out Mechanisms such as the Global Privacy Control browser signal, joining California, Colorado, and other states that mandate honoring automated opt-out requests.
ConductAtlas maps governance language to potentially relevant regulatory frameworks. Regulatory applicability and enforceability may vary by jurisdiction, enforcement context, and individual circumstances. This page is informational and does not constitute legal advice. Methodology
Showing 30 of 5443 provisions. View all →
Get alerted when platforms change their policies — including -relevant provisions.
Subscribe to Monitor — $19/moConductAtlas tracks -relevant provisions across 100 platforms. Each platform's specific provisions are classified by severity and mapped to requirements.
ConductAtlas captures policy documents daily, classifies provisions by regulatory framework, and flags changes that affect obligations. Every change is archived with cryptographic verification.