Tag Archives: Colorado

Privacy vs. Perks: Comparing the CCPA’s Notice of Financial Incentive and the Colorado Privacy Act’s Bona Fide Loyalty Program Rules

Photo of Justin T. YedorPhoto of Jamie KimBy Justin T. Yedor and Jamie Kim on Posted in Information Privacy
Global communication networkWhat is loyalty? Ask a mob boss, a Los Angeles Lakers fan and a Labrador retriever, and you might get three different answers. Ask a retailer, and they’ll likely tell you that a loyalty program can be a great tool for rewarding their best customers and helping drive further purchases. But with these benefits come … Continue Reading

Colorado’s Privacy Act: A Curve Ball on Consent and Targeted Ads

Photo of Andreas KaltsounisPhoto of Stanton BurkePhoto of BakerHostetlerBy Andreas Kaltsounis, Stanton Burke and BakerHostetler on Posted in Advertising
On July 7, 2021, Gov. Jared Polis signed the Colorado Privacy Act (CoPA) into law, making Colorado the third state to enact a comprehensive privacy law, joining California and Virginia. The Act goes into effect on July 1, 2023, and shares many of the rights and obligations provided in other comprehensive privacy laws such as … Continue Reading

Navigating the State Data Breach Laws? An Enhanced Resource is Available

Photo of Julie HeinBy Julie Hein on Posted in Breach Notification, Data Breach Notification Laws
In large security incidents, the differences among state breach notification laws usually do not come into play. In smaller matters, where individuals in only a few states are potentially affected, the differences sometimes result in having an obligation to notify individuals in some states but not others. And states have been active in amending their … Continue Reading

Colorado Enacts Sweeping Changes to Data Breach Reporting Requirements and Adds New Data Security Requirements

By David M. Brown on Posted in Data Breach Notification Laws, State Legislation
Colorado’s Gov. John Hickenlooper signed a bill that significantly strengthens its current data breach notification requirements and adds new measures designed to enhance protections for consumer data privacy. The new law will go into effect on Sept. 1, 2018. Disposal of personal identifying information As previously discussed here (while the bill was in committee), HB18-1128 … Continue Reading

Colorado Legislature Signals That It May Create More Stringent Data Destruction Regulations and Tighten Breach Reporting Requirements

Photo of Sammantha TillotsonPhoto of Casie CollignonBy Sammantha Tillotson and Casie Collignon on Posted in Data Breach Notification Laws
In January 2018, Colorado legislators sponsored a bill that, if passed, will change the state’s existing data breach reporting laws in important ways. A House Committee Report detailing the current version of the bill can be found here. The bill would create a new statute, C.R.S. § 6-1-713.5, titled Protection of Personal Identifying Information, which … Continue Reading

Colorado Proposes Cybersecurity Requirements for Investment Advisers and Broker-Dealers

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Financial Privacy, Information Security
On March 27, 2017, the Colorado Department of Regulatory Agencies proposed changes to the Colorado Securities Act that would impose new cybersecurity requirements on investment advisers and broker-dealers (the “Proposed Rule”). Among other obligations, the Proposed Rule would require these entities to include cybersecurity as part of their risk assessments, and establish and maintain written … Continue Reading
LexBlog