Three states just added new privacy rules that apply the moment your website collects a name, email, or order from someone living there.
Connecticut, Arkansas, and Utah All Changed Their Privacy Rules on July 1
Connecticut expanded what counts as “sensitive data,” adding things like government ID numbers to the list that needs extra protection. Arkansas passed a full consumer privacy law similar to California’s, giving residents new rights over their own data. Utah added a right for consumers to correct inaccurate information a business holds about them.
If your website has any visitors, customers, or email subscribers in these three states, even a handful, these rules now apply to how you collect, store, and disclose their information. That includes a basic contact form, a checkout page, or an email signup, not just large-scale data operations.
What to Check on Your Site
- Look at your privacy policy and confirm it reflects current data practices, not something written years ago and forgotten.
- If you collect government ID numbers or similarly sensitive information from Connecticut residents, confirm you’re handling it with the extra care the updated law requires.
- If you’re not sure whether your site’s forms and checkout process count as “collecting personal data” under these laws, that’s worth a direct conversation with someone who knows privacy compliance, not a guess.
None of this means every small business needs a lawyer on retainer. It means a privacy policy that hasn’t been looked at recently is worth a second look as part of regular website upkeep.
Sources: Consentmo and MultiState Insider