Colorado’s Digital Privacy Law
Colorado’s Digital Privacy Law
On September 1, 2018, the Colorado Protections for Consumer Data Privacy law, went into effect. The Privacy Law is part of the Colorado Consumer Protection Act (“CCPA”), and will help protect personal data.
It you’re a business owner who collects the following Personal Identifiable Information (PII), you’ll need to adapt your processes and procedures to not only protect their customers but yourself. Use the list below to help you decide whether or not the new law applies to you. If it does, make sure you’re ready should a data breach occur.
Step 1: Decide if your collect PII
The State of Colorado defines PII as collecting the first and last name of an individual and any one or more of the of the following:
a) Social Security Number
b) Student, Military, or Passport ID number
c) Driver’s License Number
d) Medical Information
e) Health Insurance ID number
f) Biometric data
g) Username or email address with password and/or security questions and answers
h) Credit Card number with PIN/ access code/ password
Step 2: If you collect PII then apply the following:
As part of the law, businesses and agencies must have a written policy explaining how they will dispose of the personal information they keep and follow through on those procedures.
If a data breach is detected, entities must alert consumers that their data has been compromised within 30 days. Additionally, if more than 500 Coloradans are impacted, you must alert the attorney general’s office.
Moreover, businesses must take “reasonable” steps to protect the personal information they keep.
If you have a DATA BREACH and don’t report you violate the above rules, you could face civil and criminal penalties.
Recommendation: Be compliant with the law, buy data breach insurance, and don’t keep data longer than necessary.
Contact me if you need help with your business or help with your digital privacy policy and procedures. email: paul@pmillerlawoffice.com phone: (303) 900-2529
This article is for educational purposes only, and does not constitute legal advice about your case or situation. There may be exceptions to the information outlined above. Please consult an attorney if you have specific questions about your business.