Three states just added new privacy rules that apply the moment your website collects a name, email, or order from someone living there.

Connecticut, Arkansas, and Utah All Changed Their Privacy Rules on July 1

Connecticut expanded what counts as “sensitive data,” adding things like government ID numbers to the list that needs extra protection. Arkansas passed a full consumer privacy law similar to California’s, giving residents new rights over their own data. Utah added a right for consumers to correct inaccurate information a business holds about them.

If your website has any visitors, customers, or email subscribers in these three states, even a handful, these rules now apply to how you collect, store, and disclose their information. That includes a basic contact form, a checkout page, or an email signup, not just large-scale data operations.

What to Check on Your Site

  • Look at your privacy policy and confirm it reflects current data practices, not something written years ago and forgotten.
  • If you collect government ID numbers or similarly sensitive information from Connecticut residents, confirm you’re handling it with the extra care the updated law requires.
  • If you’re not sure whether your site’s forms and checkout process count as “collecting personal data” under these laws, that’s worth a direct conversation with someone who knows privacy compliance, not a guess.

None of this means every small business needs a lawyer on retainer. It means a privacy policy that hasn’t been looked at recently is worth a second look as part of regular website upkeep.

Sources: Consentmo and MultiState Insider