Can I use third-party HR tools that collect personal information in Connecticut? What are the requirements?

Requirements for Using Third-Party HR Tools in Connecticut

Connecticut has enacted the AN ACT CONCERNING PERSONAL DATA PRIVACY AND ONLINE PROTECTION ^[2] which regulates the collection and use of personal data. If you are using third-party HR tools that collect personal information in Connecticut, you must comply with the following requirements:

1. You must have a contract with the third-party processor that requires them to ensure that each person who processes personal data is subject to a duty of confidentiality ^[2].
2. You must ensure that the third-party processor complies with the requirements of the AN ACT CONCERNING PERSONAL DATA PRIVACY AND ONLINE PROTECTION ^[2].
3. You must provide notice to individuals about the collection and use of their personal data, including the categories of personal data collected, the purposes for which the data is used, and the categories of third parties with whom the data is shared ^[2].
4. You must obtain consent from individuals before collecting and using their personal data, unless an exception applies ^[2].
5. You must implement reasonable security measures to protect the personal data from unauthorized access, destruction, use, modification, or disclosure ^[1].
6. You must ensure that the third-party processor implements reasonable security measures to protect the personal data from unauthorized access, destruction, use, modification, or disclosure ^[2].
7. You must ensure that the third-party processor complies with the requirements of the AN ACT CONCERNING PERSONAL DATA PRIVACY AND ONLINE PROTECTION ^[2].

Source(s):

• [1] Protecting Personal Information: A Guide for Business | Federal …
• [2] AN ACT CONCERNING PERSONAL DATA PRIVACY AND ONLINE …

Jurisdiction

Connecticut

• Privacy