Colorado Joins Cadre of States Enacting Pri …
Slated to take effect on July 1, 2023, the Colorado Privacy Act was signed earlier this month, and will join California and Virginia as an early-mover in embracing residents’ privacy rights.
Gov. Jared Polis signed the bill on July 7, which gives Coloradans the right to access, correct and delete personal data held by organizations. Residents will also be able to opt-out of the sale of their information and personal data for targeted ads.
The law borrows, at least, in part, from the European Union’s General Data Protection Regulation (GDPR), as well as from similar statewide laws passed in California and Virginia.
Unlike the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA), the Colorado law applies to nonprofit organizations that meet specific thresholds. The CPA also does not apply to business-to-business or employee data, according to law firm Gibson Dunn.
The National Law Review notes that the CPA does not contain a revenue threshold for businesses, but does require any organization processing the data for 100,000 or more consumers each calendar year or deriving revenue discounts from the sale of personal data for at least 25,000 consumers. The CPA gives businesses 45 days to respond and fulfill consumer requests.
National Law Review states: “It is important to note here that the CPA uses a heightened “consent” standard that is similar to the standard used by the CPRA. “Consent” under the CPA means “a clear, affirmative act signifying a consumer’s freely given, specific, informed, and unambiguous agreement, such as by a written statement, including by electronic means, or other clear, affirmative action by which the consumer signifies agreement to the processing of personal data.””
The star of the bill, according to House Rep. Terri Carver in an interview with Colorado Politics, is that it allows for a universal opt-out, which goes into effect on July 1, 2024. This means that in a single click, consumers can ask to be removed from all data-sharing on any and all websites or companies covered by the bill – all in just one click.
The state has been working toward these laws for many years – Colorado Politics writes that calls for tighter consumer protections have been made since at least 2005.
Recent news posts
Your Weekly DHS/CISA Threat Assessment (September 14)
Assistant to the Special Agent in Charge at USSS-DHS Leads Keynote Presentation in Philadelphia
CISA Insights: Risk Considerations for Managed Service Provider Customers
Your Weekly DHS/CISA Threat Assessment (September 3)
CISA Alert: Ransomware Awareness for Holidays and Weekends
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.