In 2021, the state of Colorado signed into law the Colorado Privacy Act (CPA) which will go into effect on July 1, 2023. This act protects the privacy rights of Colorado residents regarding their personal data, particularly their online activities. Based on this act, companies must protect five consumer rights including the right to:
Companies doing business in Colorado, including via a website or an app, and/or processing the data of Colorado residents who meet threshold requirements – a) processing personal data of 100,000 or more residents annually, or (b) processes personal data of at least 25,000 residents annually and derive revenue or receive discounts on goods and/or services due to the sale of that data – must comply with these laws. The companies do not need to have a physical presence in Colorado. There are stipulations for small companies who do not meet the revenue threshold or the number of data processing. In addition, Colorado exempts many organizations including airlines, public utilities, governmental entities in Colorado, and higher education institutions. However, the CPA applies to charitable organizations and nonprofits that meet the threshold requirements.
The CPA also stipulates companies’ obligations regarding the collecting and use of data. These duties include:
If a company or entity is in violation of CPA, the Colorado Attorney General’s office will notify the organization with an option for corrective action. The company or entity has 60 days from when the notice was received to correct the violation. The CPA does not specify fines for a violation but it can be from $2,000 to $20,000 per violation or between $10,000 to $50,000 per violation against an elderly person. Additionally, CPA violations can lead to criminal charges.
At Whitcomb, Selinsky, P.C., we can assist you with your data privacy compliance or a violation. For questions on your data privacy compliance needs, our data/cybersecurity/privacy legal experts will review your current data privacy practices and recommend additional practices to ensure compliance with the CPA. If you have a violation, these same experts will review your violation, recommend corrective actions, and work with the Attorney General if needed to ensure the violation is corrected. We will also evaluate your current data privacy systems and propose changes, so you won’t receive a notification in the future.
Contact us at Whitcomb, Selinsky, P.C. We can help you get back to business.