The Connecticut AG is investigating the complaint of a chemotherapy patient who received ads for cremation services – and dozens of other matters spanning privacy policy deficiencies, companies’ refusals of data deletion requests, advertising to teens and lack of consent for biometric data collection, the regulator’s new privacy enforcement report reveals. The AG also advocates for changes to the state’s six-month-old comprehensive privacy law to address weaknesses he has found. This article, with insights from Cozen O’Connor, Hintze Law, Locke Lord and Morrison & Foerster attorneys, presents compliance action steps for companies and perspectives on the cost and resource challenges that privacy enforcement poses to both companies and the AG. See “Lessons From California’s DoorDash Enforcement Action” (Mar. 6, 2024).