Colorado Privacy Act subjects companies that collect customer data to significant new regulations

The Sum & Substance: Beginning on July 1, Colorado employers who collect and store significant amounts of personal data on customers must allow those individuals to review, correct and delete that data and must get permission from them if they want to sell any of their information.

Controllers of the data for these companies also must undertake significant data-protection assessments to ensure not only that the information is safe from hackers but that the information is necessary for company operations. Those who fail to comply with the newly enacted Colorado Privacy Act could face penalties that reach as high as $20,000 per violation.

The new regulations stem from a law passed with overwhelming bipartisan backing in 2021 and aimed at ensuring that consumers can control the amount of personal data that is available on them. Colorado is just the third state to enact such a law, following similar statutes in California and Virginia, but its rules are in some cases more strenuous than those of other states, which has generated national attention on the local efforts.

Visit The Sum & Substance for more.

Subscribe to Our Blog