Skip to the main content.
BLOGS & LEGAL INSIGHTS:
BUSINESS LAW
Hero-Split-Right
CONSUMER LAW

Hero-Split-Left

 

WEBINARS

green lock security thumb

green lock security thumb

 

VIDEO LIBRARY

green lock security thumb

green lock security thumb

 

ADDITIONAL RESOURCES

Colorado Privacy Act (CPA)

Protects Consumers’ Privacy Right, Especially Online Activities.

In 2021, the state of Colorado signed into law the Colorado Privacy Act (CPA), which will go into effect on July 1, 2023. This act protects the privacy rights of Colorado residents regarding their personal data, particularly their online activities. Based on this act, companies must protect five consumer rights, including the right to:

•  Access
•  Correct
•  Delete
•  Data portability
•  Opt-out

pexels-kevin-paster-1901388

Companies doing business in Colorado must comply with these laws.

This includes via a website or an app, and/or processing the data of Colorado residents who meet threshold requirements – a) processing personal data of 100,000 or more residents annually, or (b) processes personal data of at least 25,000 residents annually and derive revenue or receive discounts on goods and/or services due to the sale of that data. The companies do not need to have a physical presence in Colorado. There are stipulations for small companies that do not meet the revenue threshold or the number of data processing. In addition, Colorado exempts many organizations, including airlines, public utilities, governmental entities in Colorado, and higher education institutions. However, the CPA applies to charitable organizations and nonprofits that meet the threshold requirements.

pexels-stefan-coders-2048774

The CPA also stipulates companies’ obligations regarding the collection and use of data. 

These duties include:

• Transparency
• Purpose specification
• Data minimization
• Secondary use
• Care
• Unlawful discrimination
• Sensitive Data
If a company or entity is in violation of CPA, the Colorado Attorney General’s office will notify the organization with an option for corrective action. The company or entity has 60 days from when the notice was received to correct the violation. The CPA does not specify fines for a violation but it can be from $2,000 to $20,000 per violation or between $10,000 to $50,000 per violation against an elderly person. Additionally, CPA violations can lead to criminal charges.

pexels-photomix-company-96612

Meet Your Privacy Rights Legal Team

Danyelle_wide

Danyelle McNeary

Associate Attorney

Danyelle is strong-willed, disciplined, and works diligently hard not only for her clients but for justice in general. She approaches each case with thoughtfulness and care. Danyelle nurtures her client relationships to develop trust and understanding between her and her clients. Due to her empathetic nature, Danyelle fiercely represents her clients and their needs.

Sebastian Garcia bio copy

Sebastian Garcia

Associate Attorney

Sebastian Garcia has worked on legal issues surrounding data privacy policies and cybersecurity throughout his career. As a legal intern, he assisted the supervising legal counsel on cybersecurity standards NIST 800-171 and DFARS 252.204.7012. Additionally, he served as a legislative fellow in the United States Senate.

Get Started in

3 EASY STEPS

 Discuss Your Claim

 Explore Your Options

 We Will Advocate For You

Get Started in

3 EASY STEPS



Discuss Your Claim


Explore Your Options


We'll Advocate For You

Request Your Free Consultation Today

Or Call (866) 433-4116