The language of the CPA affects companies who operate in Colorado, or collect and organize important information of residents within the state of Colorado. Colorado has taken a proactive role in protecting individual privacy through the adoption of state law. In the last ten years, Colorado invested in assembling a series of legislative privacy protections through the information security law, document disposal law, data breach notification law, and the newly adopted Colorado Privacy Act, which enters into the Colorado statutes on July 1, 2023. While the new legislation mainly targets companies that collect the information of 100,000 Colorado residents or more, it is commendable to have privacy policies in place before reaching the numerical threshold. The primary aim of the CPA is to hold companies to accountability for the protection of sensitive information that they process and store, and to provide greater transparency and increased communication to consumers whose personal data has become a valuable modern commodity.
To comply with the CPA, companies should prepare privacy policies with a focus on key language that emphasizes a request for consent tracking, language that clearly and concisely explains the information collected by the company, language that outlines how the personal data is shared, and language that directs clients to a contact pathway allowing them to request information from the company about how their information is used. When entities implement security procedures and legal compliance with state law, these measures form a protective structure that results in clear and conspicuous communication with the client, and strong internal operations that support a secure network infrastructure within the organization.
Follow our series for more information about how your company or organization may be impacted by recent changes in the legislative language of both state and international law.