TicketNetwork Fined for Violating the Connecticut Data Privacy Act

Connecticut Attorney General William Tong announced an $85,000 settlement with TicketNetwork, INC. for violating the Connecticut Data Privacy Act (CTDPA). Along with the fine, TicketNetwork has agreed to compile a report on consumer rights requests received under the CTDPA and share it with the AG.

TicketNetwork CTDPA Violations

In November 2023, the Connecticut AG sent a “cure notice” to TicketNetwork, notifying the company of deficiencies with its privacy notice and giving it sixty days to resolve the issues. Privacy notice violations called out in the cure notice included:

• A notice that was largely unreadable
• Key data rights were missing from the notice
• The notice contained rights mechanisms that were incorrectly configured or inoperable

TicketNetwork failed to resolve the deficiencies within the sixty-day cure period, resulting in the Connecticut Data Privacy Act fine.

The Attorney General has issued cure notices on four separate occasions for violations involving privacy notices. TicketNetwork is the only company that received the cure notice but failed to resolve the issues within the cure period. The CTDPA’s cure period expired in January 2025.

CTDPA Privacy Notice Requirements

The CTDPA requires controllers to provide a privacy notice that includes the following information:

• The types of personal data the controller processes
• The purpose for processing
• If and why the controller shares personal data with third parties
• How consumers can exercise their rights to access and delete their data

To learn more about the rights the CTDPA affords consumers and the obligations it imposes on businesses, watch the videos and read the FAQs on this page, published by the AG.

Other State Privacy Law Enforcements in 2025

Connecticut is not the only state to take action to enforce its data privacy law this year. California has been active in enforcing the CCPA, with these settlements reached so far in 2025:

• Healthline was fined $1.55 million in July, the largest penalty in CCPA history, for the following violations:
  • Failing to honor opt-outs
  • A consent banner that did not disable tracking cookies when requested
  • Violating the “purpose limitation principle” by sharing potentially sensitive medical information
  • Vendor contracts that did not include specific uses for shared data

• In March, Honda was fined $632,500 for the following violations:
  • Requiring excessive personal information to exercise privacy rights
  • A longer opt-out process than opting-in
  • Creating barriers for consumers using Authorized Agents
  • Failure to produce contracts with advertising technology vendors

• In May, clothing retailer Todd Snyder was fined $345,178 for the following CCPA violations:
  • Not honoring opt-out requests for forty days
  • Requiring consumers to verify their identity to opt out of sale/sharing

CompliancePoint has a team of experts that can help your organization build a privacy program that complies with the CCPA, GDPR, and other state laws. Contact us at connect@compliancepoint.com to learn more about our suite of services.