The protection of personal identifying information has grown in importance in the eyes of legislators over the last 10 years due to an increase in e-commerce, and the global shift in recent years towards company platforms that operate online almost entirely. Acquiring personal information through malintent has become prevalent and presents a significant issue in the field of privacy management. At times, private citizens’ financial and personal reputations have been destroyed by the damage caused by identify theft and misuse. In years past, it was advisable for companies to post Privacy notices to their website to comply the State of California (CalOPPA), and Cookie Tracking Consent notices to comply with the GDPR enforced by the EU. Companies now find that a strong privacy policy notice and policy enforcement is not only advisable, but essential to comply with individual state laws. Colorado, for example, adopted the Colorado Privacy Act (CPA) which comes into effect July 1, 2023. It is expected that every state across the nation will be adopting similar laws.
The language of the CPA affects companies who operate in Colorado, or collect and organize important information of residents within the state of Colorado. Colorado has taken a proactive role in protecting individual privacy through the adoption of state law. In the last ten years, Colorado invested in assembling a series of legislative privacy protections through the information security law, document disposal law, data breach notification law, and the newly adopted Colorado Privacy Act, which enters into the Colorado statutes on July 1, 2023. While the new legislation mainly targets companies that collect the information of 100,000 Colorado residents or more, it is commendable to have privacy policies in place before reaching the numerical threshold. The primary aim of the CPA is to hold companies to accountability for the protection of sensitive information that they process and store, and to provide greater transparency and increased communication to consumers whose personal data has become a valuable modern commodity.
To comply with the CPA, companies should prepare privacy policies with a focus on key language that emphasizes a request for consent tracking, language that clearly and concisely explains the information collected by the company, language that outlines how the personal data is shared, and language that directs clients to a contact pathway allowing them to request information from the company about how their information is used. When entities implement security procedures and legal compliance with state law, these measures form a protective structure that results in clear and conspicuous communication with the client, and strong internal operations that support a secure network infrastructure within the organization.
Follow our series for more information about how your company or organization may be impacted by recent changes in the legislative language of both state and international law.
Reach out to Behrends Legal for a review of your privacy policy and an assessment of your company’s compliance with Colorado and related law.