Colorado Becomes the Third State to Pass State-Mandated Privacy Requirements | Apptega securityboulevard.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from securityboulevard.com Daily Mail and Mail on Sunday newspapers.
To embed, copy and paste the code into your website or blog:
Colorado added to the United States’ patchwork approach to data privacy regulation this week. On July 7, Colorado Governor Jared Polis signed into law the Colorado Privacy Act (“CPA”), a sweeping law that creates substantial new obligations for organizations that process the personal data of Colorado residents. The CPA is scheduled to become effective on July 1, 2023. Between now and the effective date, organizations with business operations or customers in Colorado should carefully assess whether they fall within the CPA’s scope (whether they are located in Colorado or not), and work toward compliance if the law applies to them.
Duty to avoid unlawful discrimination; and
Duty regarding sensitive data.
In addition, while Consumers may request access to their personal data, Controllers may not require that a Consumer create a new account in order to exercise this right (or retaliate with increased cost or decreased availability of a product or service ). When responding to Consumer data requests, Controllers must:
Take action on the Consumer’s request without undue delay and within 45 days of receiving the request with few exceptions.
Develop an internal process for Consumers to appeal refusals of data requests.
Notify the Consumer that it may contact the Colorado Attorney General if the Consumer has concerns about the result of the response and outcome of appeal.
Colorado Becomes the Third State to Adopt a General Privacy Law | Alston & Bird jdsupra.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from jdsupra.com Daily Mail and Mail on Sunday newspapers.
To embed, copy and paste the code into your website or blog:
On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (“VCDPA”) into law. This made Virginia the second state to enact a consumer privacy and data security law, following in the footsteps of the California Privacy Rights and Enforcement Act (“CPRA”). Virginia will not be the last to regulate the relationship between consumers and businesses holding their data; Colorado has already become the third state to pass such a measure, and New Jersey, New York, Washington, Minnesota, Oklahoma, and others have bills under consideration. Virginia’s recent action is relevant beyond its borders, becoming the model for proposed legislation in Utah and raising the profile of long-stalled congressional data privacy efforts.