Colorado Attorney General Kicks Off Enforcement of State’s Privacy Law
On July 12, 2023, Colorado Attorney General Phil Weiser announced that his office has sent out a series of letters to businesses letting them know that it is beginning enforcement of the Colorado Privacy Act. The state’s privacy law officially went into effect on July 1.
“These letters will help make businesses aware of the law and direct them to educational resources to help them comply,” said Weiser. “And, if we become aware of organizations that are flouting the law or refusing to comply with it, we are prepared to act.”
The letters have also identified two areas of compliance that the Attorney General’s Office will be paying particular attention to:
- Sensitive Data
Under the CPA, businesses must first get a consumer’s consent before processing any sensitive data. This includes data that reveals racial or ethnic origin, religious beliefs, health conditions or diagnosis, sex life or sexual orientation, and citizenship or immigration status. It also includes biometric data and the personal data of anyone under the age of 13. - Opt-Outs
The CPA gives consumers the right to opt out of targeted advertising, the sale of their personal data, and profiling in furtherance of decisions that produce significant effects for the consumer.
While Colorado may not have a dedicated agency focused exclusively on data privacy—like California’s Privacy Protection Agency—the state has been sending signals that it intends to take enforcement seriously. It has already finalized regulations that go into great detail about compliance requirements such as universal opt-outs, data protection assessments, and purpose limitation. This new round of letters reinforces the perception that the Attorney General has privacy on his mind.
Multi-State Privacy Compliance
With the patchwork of state privacy laws growing rapidly, compliance is becoming more complicated to manage, especially for businesses without in-house privacy experts.
TrueVault US helps businesses of all sizes get compliant with privacy laws from across the country with one streamlined platform. Designed by attorneys, TrueVault US is a software solution that guides you at every step of the way, from onboarding vendors to responding to consumer privacy requests.
To learn more about how TrueVault US can help your business, contact our team today.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
- ON THIS PAGE
- Multi-State Privacy Compliance
Get compliant today
Our attorney-designed software will step-by-step guide you through the compliance process from start to finish.
Request a Demo