IDC Names Securiti a Worldwide Leader in Data PrivacyView
Colorado has become the third US State to pass a comprehensive data privacy law. Colorado Privacy Act (CPA) was signed into law on July 8th, 2021. Modeled pretty similarly to the Virginia Data Protection Act (VCDPA) passed earlier this year, the CPA provides comprehensive privacy rights to state residents of Colorado and imposes a new set of obligations and duties on data controllers managing consumer personal information.
With the increasing importance of privacy in today's digital age, the Colorado Privacy Act represents a major step forward in the protection of personal data for residents of the state.
The Colorado Privacy Act, also known as Senate Bill 21-190, is a comprehensive privacy law that was enacted in Colorado on July 7, 2021. This legislation provides significant protections for the personal information of Colorado residents, establishing new standards for the collection, use, and protection of personal data by businesses operating in the state.
All consumers may invoke the following rights by sending a verified request to the data controller (in case of a child, the parent/guardian may send the request on behalf of the child):
Unlike the VCDPA that can be enforced only by the Virginia Attorney General, the Colorado Privacy Act can be enforced either by the Attorney General or District Attorney, or both. In the event of a notice served by the AG or DA, the controller will be provided 60 days to fix the violation. A non-compliant business or entity shall be fined up to 20,000 per violation.
The CPA does not apply to:
Colorado Privacy Act protects the personal information of Colorado residents by setting new standards for the collection, use, and protection of personal data by businesses operating in the state. The act seeks to give individuals greater control over their personal information and to promote transparency and accountability in the handling of such information by companies.
It further addresses the growing concerns around the misuse and exploitation of personal data, particularly in light of recent high-profile data breaches and privacy violations. The act requires businesses to implement appropriate security measures to protect personal data, and to be transparent about their data practices by providing individuals with information about the data they collect, how it is used, and whom it is shared with.
In short, the Colorado Privacy Act aims to ensure that businesses handle personal information responsibly and securely and to give individuals greater control and visibility over how their personal data is collected, used, and protected.
The Colorado Privacy Act (CPA) is a data privacy law enacted in Colorado, USA. It sets regulations for how businesses handle and protect consumers' personal data. It grants Colorado residents certain rights over their data and places obligations on businesses regarding data collection, processing, and disclosure.
The Colorado Privacy Act applies to businesses that conduct business in Colorado, process personal data of at least 100,000 Colorado consumers, or derive revenue from selling personal data and process the data of at least 25,000 Colorado consumers. The law focuses on businesses that meet these criteria, regardless of their physical presence in Colorado.
Colorado is a one-party consent state for recording conversations. This means that as long as one participant in the conversation consents to the recording, it is generally legal. However, it's important to understand and adhere to the specific legal requirements and limitations.
The multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations.Get the Book
“By leveraging the PrivacyOps constructs from this book across our organization we were able to not only save time and money but also mitigate the risks associated with manual methods of privacy management.”
- Marty Collins, Chief Privacy and Legal Officer, QuinStreet, Inc
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.