Connecticut’s vigorous data privacy enforcement rolls on as TicketNetwork feels the consequences of non-compliance, culminating in an $85,000 settlement.
At a Glance
- Connecticut has enforced the Connecticut Data Privacy Act (CTDPA) with an $85,000 settlement against TicketNetwork.
- The grace period for businesses to correct violations has ended, signaling a new phase of strict enforcement.
- TicketNetwork reportedly ignored multiple notices, prompting a firm response from the Attorney General.
- Companies now face increased pressure to adhere to the state’s rigorous privacy standards.
A Landmark Enforcement Action
In a decisive move signaling a new era of data privacy enforcement, Connecticut Attorney General William Tong has secured an $85,000 settlement with TicketNetwork. The action against the South Windsor-based company underscores the state’s transition from an educational approach to uncompromising enforcement of the Connecticut Data Privacy Act (CTDPA), putting all businesses operating in the state on high alert.
“Under the settlement, TicketNetwork has agreed to comply with the requirements of the CTDPA, maintain metrics for consumer rights requests received under the CTDPA, provide a report of these metrics to the Attorney General, and pay $85,000.” https://t.co/1PnI3UZys8
— Christina Ayiotis, Esq., CRM, CIPP/E, AIGP (@christinayiotis) July 8, 2025
The case against TicketNetwork was prompted by the company’s alleged failure to recognize universal opt-out preference signals for targeted advertising, a key requirement of the CTDPA. This settlement serves as a clear warning: non-compliance will no longer be met with leniency.
End of Grace Period Signals Stricter Scrutiny
The CTDPA, which took effect on July 1, 2023, initially included a 60-day “right to cure” period, giving businesses a window to correct violations without penalty. However, that grace period officially expired on January 1, 2025. The action against TicketNetwork is the first major enforcement since the gloves came off.
“This law has been in effect for two years. There is no excuse for continued non-compliance,” AG Tong stated in a report on the law’s enforcement priorities. “We are prepared to use the full weight of our enforcement authority to protect consumer privacy.” According to legal analysis, this shift means companies can expect more aggressive oversight and financial penalties for violations.
Key Takeaways for Businesses
The settlement highlights the critical importance for businesses to have robust and compliant data privacy frameworks. The CTDPA mandates clear privacy policies, secure data handling procedures, and seamless mechanisms for consumers to exercise their rights, including the right to opt out of data collection and sales. TicketNetwork‘s failure to address these requirements, even after repeated warnings from the Attorney General’s office, led directly to the financial penalty.
The Attorney General’s office has stressed that it will focus on compliance within sensitive data sectors and practices related to teens and data brokerage. For businesses, the message is unmistakable: the time for proactive compliance is now, as the cost of negligence has become tangibly and financially apparent.
