What You Need to Know about Colorado’s New Data Privacy Act

Following the footsteps of Virginia’s Consumer Data Protection Act (CDPA) from earlier this year, Colorado state launched the Colorado Protection Acts (CPA) Law SB21-190, a set of new standards for how organizations leverage data.  

Regulations around data privacy ensure that both the consumer and the business are protected, and no misuse of personally identifiable information is in practice. Data privacy looks at how data is obtained, accessed, and disposed of.  

Data privacy and governance expert Malcolm Chisholm comments, “When dealing with a new data privacy law, like the Colorado Privacy Acts (CPA), enterprises must understand what is new and unique so they can quickly identify gaps in their privacy implementations set up to deal with earlier laws. The CPA is no exception and has its share of legal innovation.”  

California Consumer Privacy Act (CCPA) was one of the first acts that made waves across the U.S., taking notes from overseas legislation like the General Data Protection Regulation (GDPR) in the European Union.  

“Unlike the CCPA, there is no revenue threshold, so businesses of any size are potentially impacted.  Another difference is the lack of any specific exemption for HIPAA-regulated entities.” Continues Chisholm.  

As previously mentioned, these regulations impact more than just the organization but the consumer. Any data shared from customers who live within the state mentioned have the right to access and monitor how their data is being used.  

“Enterprises need to start analyzing the CPA right away to identify what is different about the law and what it means for their specific circumstances.” Concludes Chisholm.  

Three Tips to Act on Data Privacy Regulations:  

1. Ask yourself the following questions:  

1. 1. Does my organization have offices, data centers, or employees in California, Florida, Virginia, or Colorado? 
   2. Does my organization have customers or partners in California, Florida, Virginia, or Colorado? 
   3. Who at my organization manages data legislation and needs to evaluate these laws?
2.  Review the laws in detail, noting when changes come into effect and how to be proactive for future iterations of the laws.  
3. Have a plan. 

Companies like CCG offer data privacy services that help to break down the laws that affect your organization. In addition, data privacy consultants can help establish the information architecture, governance processes, and quality standards to alleviate any significant lift from your organization.  

Learn more about data privacy regulations affecting your organization by reviewing our Data Governance and Privacy datasheet.  

Written by CCG, an organization in Tampa, Florida, that helps companies become more insights-driven, solve complex challenges and accelerate growth through industry-specific data and analytics solutions.