On July 8, 2025, Connecticut's attorney general announced a settlement with TicketNetwork Inc. for failing to fix several privacy notice defects since 2023. The $85,000 fine is the first monetary penalty under the state's comprehensive privacy law.
Four months after Connecticut's privacy law took effect in July 2023, the Connecticut Office of the Attorney General (OAG) sent TicketNetwork a cure notice stating that its privacy policy was out of compliance. Large portions of the policy were unreadable, key consumer data rights were missing, and the mechanisms for exercising those rights were sometimes inoperable or misconfigured. Under Connecticut's privacy statute, a cure notice is not guaranteed; the OAG evaluates the nature of each alleged violation before deciding whether or not to grant a controller or processor the opportunity to cure. As of publication, the OAG has sent over two dozen cure notices aimed at privacy policies. TicketNetwork failed to address follow-up correspondence from the OAG or address the identified defects, and this settlement followed.
In its April 2025 Enforcement Report, the OAG concluded that "we continue to find company privacy notices with glaring facial deficiencies," including notices that have gone years without update or create "ambiguities over whether Connecticut residents have data rights." Office of the Attorney General, Updated Enforcement Report Pursuant to Connecticut Data Privacy Act, Conn. Gen. Stat. § 42-515, et seq.at 4 (2025). Going forward, the OAG stated that it is prepared to take more formal steps against companies that do not demonstrate good faith efforts to diligently correct deficiencies identified by the OAG.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
