Webinar Recording – The Colorado Privacy Act and Draft Rules
Data Privacy Unlocked, A Conversation with State Senator Robert Rodriguez of Colorado, Part II
Data Privacy Unlocked, A Conversation with State Senator Robert Rodriguez of Colorado, Part I
In this month’s Privacy & Cybersecurity Update, we analyze the Biden administration’s proposed cybersecurity labeling program for smart devices, NIST’s extensive overhaul of its cybersecurity framework, and data privacy law...more
On July 1, 2023, the Colorado Privacy Act (ColoPA) and Connecticut Data Privacy Act (CTDPA) will go into effect, joining California and Virginia, whose data privacy laws are already in effect. Notably, while the California...more
It’s only April, but 2023 has already been a big year for new and evolving data privacy legislation. In January, the California Privacy Rights Act took effect, expanding and clarifying the rights and obligations within the...more
Colorado Department of Law Issues Draft CPA Revisions - On December 22, the Colorado Department of Law issued updates to the draft Colorado Privacy Act (CPA) rules. These revisions build on written comments and feedback from...more
2023 already is a landmark year for privacy regulation. As of January 1, 2023, two new privacy laws are now in effect: (1) the California Privacy Rights Act (CPRA), which amends the California Consumer Privacy Act (CCPA), and...more
In 2023, five new state privacy laws will become effective. How will these new laws affect your business? Currently, privacy laws in the United States include a patchwork of state laws as well as some industry- or...more
On July 7, 2021, Colorado enacted the Colorado Privacy Act (CPA), becoming the third U.S. state to adopt a comprehensive privacy law. As previously described, the CPA doesn’t apply to everyone. Instead, it only applies to...more
On October 10, the Colorado Attorney General (“AG”) released its draft regulations outlining businesses’ obligations under the Colorado Privacy Act (“CPA”). The 38-page set of draft regulations flesh out several novel privacy...more
The talk of “opt-out preference signals” or global privacy controls (GPC) has been increasing as companies dig into the forthcoming requirements under US “comprehensive” privacy laws. What is an opt-out preference signal? An...more
California Privacy Protection Agency Releases Revised Regulations - With the effective date less than three months away, and ahead of a Board Meeting on October 28 and 29, the California Privacy Protection Agency released...more
Of the five new state-level omnibus privacy laws that are going into effect in 2023, two authorize state-level rulemakings: the California Privacy Rights Act (CPRA) and the Colorado Privacy Act (CPA). These two states’...more
The Colorado attorney general’s office sent shockwaves throughout the privacy world on September 30, 2022, when it published its proposed Colorado Privacy Act (CPA) draft rules (Draft Rules). The Draft Rules are complex and...more
The Colorado Attorney General’s Office issued its proposed Colorado Privacy Act (CPA) Rules (Draft Rules) on Friday, September 30. The CPA Rules differ in many ways from those in the proposed California Privacy Rights Act...more
The Colorado Attorney General’s Office published draft Colorado Privacy Act (CPA) rules on September 30, 2022. The draft rules are a complex and lengthy set of regulations that, if adopted without substantial modification,...more
Keypoint: The CPA draft rules are a complex and lengthy set of regulations that, if adopted without substantial modification, will significantly expand the CPA’s requirements and require controllers to carefully consider...more
8 11 The emergence of data protection laws has given greater meaning to how customers and businesses view consent in the context of collecting personal data from consumers. In recent years, regulations such as the General...more
Utah is the latest state to enact a comprehensive privacy law after the governor signed the Utah Consumer Privacy Act (“UCPA”) on March 24 of this year. UCPA goes into effect on December 31, 2023. California, Virginia, and...more
Keypoint: Organizations that collect personal data from children under 16 will need to ensure compliance with additional requirements once the laws go into effect. This is the ninth post in our ten-part weekly series...more
Keypoint: Starting in 2023, organizations that are subject to one or more of the laws will need to enter into contracts with recipients of personal information/data that address numerous statutory requirements....more
Keypoint: This week legislatures in Florida, Washington, West Virginia and Wisconsin closed without passing bills while Maryland’s bill was converted into a one-year study. Below is our ninth weekly update on the status of...more
Keypoint: The requirements for recognizing opt-out preference signals for certain types of processing vary widely depending on which state laws apply. This is the sixth post in our ten-part weekly series comparing key...more
Keypoint: The CPRA requires that businesses use certain types of sensitive personal information only for limited purposes, otherwise they must notify consumers of the additional purposes and provide consumers the opportunity...more
In the ongoing absence of federal legislation, multiple states have enacted omnibus privacy laws. In addition to the California Consumer Privacy Act (CCPA), which is already in effect and being actively enforced, three new...more
Keypoint: The CPRA, CPA and VCDPA require data protection assessments for certain processing activities; however, when and how entities must conduct and prepare assessments varies....more
Keypoint: The CPRA, CPA, and VCDPA vary in both their definitions of biometric information/data and their compliance obligations. This is the second article in our ten-part weekly series comparing key provisions of the...more