On May 27, 2026, Connecticut Governor Ned Lamont signed a landmark piece of legislation that marks a paradigm shift in how individual states protect citizens from the modern surveillance economy. Formally designated as Senate Bill 4 (SB 4) and championed by privacy advocates across the nation, this omnibus framework establishes the Connecticut Delete Act. By targeting the largely unregulated data broker market and prohibiting the monetization of real-world movements, Connecticut has constructed one of the most robust legislative shields for personal privacy in the United States. Designed to systematically clean up digital footprints, SB 4 delivers an unprecedented suite of tools enabling consumers to reclaim their identities, strip their profiles from commercial databases, and limit physical and digital tracking.
Historically, digital tracking has operated in the shadows, converting human experiences, clicks, and physical coordinates into profitable commodities. Commercial databases trade in detailed consumer dossiers, often compiled without the explicit or informed consent of the individual. By introducing the Connecticut Delete Act framework, the state has joined the ranks of national privacy pioneers. The legislation goes beyond the baseline rights of the landmark 2023 Connecticut Data Privacy Act (CTDPA) to aggressively dismantle the business model of non-consensual tracking and data monetization.
Understanding the Core Mechanism of the Connecticut Delete Act
The centerpiece of SB 4 is the creation of a centralized, user-friendly digital footprint erasure system, modeled after California’s pioneering Delete Request and Opt-out Platform (DROP). Under this new mechanism, the Commissioner of Consumer Protection is mandated to establish a secure, “one-stop-shop” online platform. Rather than forcing consumers to navigate hundreds of individual data broker websites—which are frequently designed with confusing interfaces and deliberately obscured opt-out forms—Connecticut residents will be able to purge their public records with a single, unified request.
The mechanism introduces strict, legally binding operational workflows for any registered data broker operating within the state:
- Universal One-Click Deletion: Consumers can submit a single, free request to have their personal data systematically erased across all registered data brokers simultaneously.
- The 45-Day Verification Loop: Once the platform is operational, data brokers are legally required to access the state’s centralized deletion registry at least once every 45 days. They must process and comply with all verified deletion requests within that same 45-day window.
- Continuous Suppressive Obligation: Once a deletion request is processed, data brokers are prohibited from selling or sharing any newly acquired personal information of that consumer. They must maintain a suppression list or implement technical workflows to ensure that the individual’s profile is not recreated through subsequent data scraping.
- Severe Penalties for Defiance: To ensure that the industry takes these mandates seriously, the law establishes heavy civil penalties. Any data broker that fails to register with the state or refuses to comply with verified deletion requests faces a civil penalty of up to $5,000 per day per violation.
Shining a Light on the Data Broker Registry
<