On June 7, 2021, The Colorado Privacy Act (Senate Bill (‘SB’) 190) was passed by the Colorado House of Representatives. Following its approval, SB21-190 was signed by Governor Jared Schutz Polis on July 7, 2021.  The Colorado Privacy Act (CPA) represents yet another comprehensive privacy law in the United States, following in the footsteps of the CCPA and Virginia’s CDPA. During the legislative process, there were many amendments made to SB21-190, most notably the decision to not include a private right of action – an area of great discussion among other state proposals.

Colorado Privacy Act Webinar

The Colorado Privacy Act: What you Need to Know

The Colorado Privacy Act will take effect on July 1, 2023, and will apply to entities that conduct business or produce products and services that are targeted at Colorado residents and either:

  • Control or process data of 100,000 consumers per year, or
  • Derive revenue from sale of personal data and control or process data of 25,000 consumers

However, the CPA will not apply to certain entities or personal data governed by specifically listed state and federal laws, listed activities, and employment records.

The CPA also outlines several consumer rights including the right to opt-out, right to access, right to correction, right to deletion, and the right to data portability while also outlining definitions of Controller and Processor. Under the Act, controllers and processors will have specific obligations relating to written contracts, privacy notice requirements, and data protection assessments.

Colorado Privacy Act Webinar

How OneTrust Helps

OneTrust offers organizations of all sizes a dedicated suite of technology solutions and professional services to help simplify compliance with the incoming Colorado Privacy Act. With OneTrust, your organization can utilize geo-targeted opt-out of sale links for Colorado consumers, automate privacy rights requests, and provide customers with a clear choice over how their data is used.

The CPA is set to bring a new set of rights to consumers in Colorado as well as imposing comprehensive obligations on controllers and processors and its signing will likely lead to many other states with similar privacy bills in the legislative process following suit. Request a demo to see how OneTrust can help your organization on the road to compliance with the Colorado Privacy Act.

Further reading on the Colorado Privacy Act:

Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on the Colorado Privacy Act.