BenReppe
Community Manager
Community Manager

Support for new state privacy regulations

 

DG Release (public announcement)  

Crownpeak DG Release for Utah, Colorado, and Connecticut Privacy Regulations 

 

The privacy and consent landscape continuously changes and Crownpeak is committed to helping you stay ahead of these changes and remain compliant with easy-to-use tools.  

Crownpeak released new regulation templates and support for Utah, Colorado and Connecticut privacy laws in the Universal Consent Platform (UCP) to allow customers to add these new regulations to their privacy and disclosure strategies.  

This expands regulation coverage to six USA states and twelve national and international regulations including, of course, CPRA and GDPR with GPC signaling support as well as custom combinations.  

What you need to know about these new regulations 

While legally each regulation is applicable to slightly different company profiles, a holistic approach to privacy, disclosure and compliance suggests that if you include any regulation features in your privacy strategy you should include compliance for all the regulations.  

We have made it easy to enable all regulations by providing templates with the appropriate settings for each geolocation’s applicable regulation. 

 

The Connecticut Data Privacy Act (CTDPA) 

 

  • Effective Date: 1 July 2023 
  • Who must comply: 
    The Connecticut Data Privacy Act (CTDPA) applies to individuals and businesses that conduct business in Connecticut, or that produce products or services that are targeted to Connecticut residents that, in the preceding calendar year, controlled or processed the personal data of at least (1) 100,000 Connecticut consumers (excluding data processed solely for processing payment transactions); or (2) 25,000 Connecticut consumers and derives over 25% of their gross revenue from the sale of personal data. 
  • RIGHTS: 
    • Right to Access – Confirm and receive a copy of personal data collected/in possession. 
    • Right to Correct – Correct deficiencies or inaccuracies in personal data. 
    • Right to Delete – Remove personal data from company systems, including collected via third party platforms or systems. 
    • Right to Portability – Obtain a copy of data in a readily usable format to transfer to another Controller.
    • Right to Opt-out of certain processing: 
      • Sale of personal data.
      • Processing of personal data for the purpose of retargeting. 
      • Profiling that may have a legal or other significant impact.

 

The Colorado Privacy Act (CPA) 

 

  • Effective Date: 1 July 2023 
  • The Colorado Privacy Act protects Colorado residents and imposes data protection requirements on companies or organizations that 1) conduct business in Colorado or produce or deliver commercial products or services that are purposely targeted to residents of Colorado; and 2) control or processes personal data of at least 100,000 consumers a year or control or process personal data of at least 25,000 consumers and gain revenue or receives a discount on the price of goods and services, from the sale of personal data. 
  • RIGHTS:
    • Right to Access – Confirm and receive a copy of personal data collected/in possession. 
    • Right to Delete- Can ask to have personal data deleted. 
    • Right to Portability – Can receive and transfer their data to another entity in a readable, portable format.
    • Right to Opt-out of certain processing
      • Sale of personal data. 
      • Processing of personal data for the purpose of retargeting. 
      • Profiling that may have a legal or other significant impact.  

 

The Utah Consumer Privacy Act (UCPA) 

  • Effective Date: 31 December 2023 
  • Who must comply (any of the following): 
    • A company that conducts business in the state or produces a product or service that is targeted to consumers who are residents of the state. 
    • A company that has annual revenue of $25,000,000 or more; and 
    • A company that satisfies one or more of the following thresholds: 
      • A company that, during a calendar year, controls or processes personal data of 100,000 or more consumers. 
      • A company that derives over 50% of the entity’s gross revenue from the sale of personal data and controls or processes personal data of 25,000 or more consumers.” 
  • RIGHTS:
    • Right to Access - Confirm and receive a copy of personal data collected/in possession. 
    • Right to Delete – Limited to personal data the consumer provided 
    • Right to Portability - Obtain a copy of data in a readily usable format to transfer to another Controller to the extent technically feasible, practical. 
    • Right to Opt-out of certain processing 
      • Sale of personal data. 
      • Processing of personal data for the purpose of retargeting. 

 

 

Labels (1)
Edit

Can't find what you are looking for?

Find Answers

Search our DG Forum to find answers to questions asked by other DG users.

Ask a Question

No luck? Ask a question. Our Product and Support teams are monitoring the Forum and typically respond within 48 hours.

Ask a Question