On June 7, 2021, The Colorado Privacy Act (Senate Bill (‘SB’) 190) was passed by the Colorado House of Representatives. Following its approval, SB21-190 was signed by Governor Jared Schutz Polis on July 7, 2021. The Colorado Privacy Act (CPA) represents yet another comprehensive privacy law in the United States, following in the footsteps of the CCPA and Virginia’s CDPA. During the legislative process, there were many amendments made to SB21-190, most notably the decision to not include a private right of action – an area of great discussion among other state proposals.
The Colorado Privacy Act: What you Need to Know
The Colorado Privacy Act will take effect on July 1, 2023, and will apply to entities that conduct business or produce products and services that are targeted at Colorado residents and either:
- Control or process data of 100,000 consumers per year, or
- Derive revenue from sale of personal data and control or process data of 25,000 consumers
However, the CPA will not apply to certain entities or personal data governed by specifically listed state and federal laws, listed activities, and employment records.
The CPA also outlines several consumer rights including the right to opt-out, right to access, right to correction, right to deletion, and the right to data portability while also outlining definitions of Controller and Processor. Under the Act, controllers and processors will have specific obligations relating to written contracts, privacy notice requirements, and data protection assessments.
How OneTrust Helps
OneTrust offers organizations of all sizes a dedicated suite of technology solutions and professional services to help simplify compliance with the incoming Colorado Privacy Act. With OneTrust, your organization can utilize geo-targeted opt-out of sale links for Colorado consumers, automate privacy rights requests, and provide customers with a clear choice over how their data is used.
The CPA is set to bring a new set of rights to consumers in Colorado as well as imposing comprehensive obligations on controllers and processors and its signing will likely lead to many other states with similar privacy bills in the legislative process following suit. Request a demo to see how OneTrust can help your organization on the road to compliance with the Colorado Privacy Act.
Further reading on the Colorado Privacy Act:
- Colorado General Assembly: Senate Bill 21-190
- Colorado General Assembly: Status of SB21-190
- OneTrust DataGuidance News: Colorado: Personal data privacy bill signed into law by Governor
- OneTrust DataGuidance Portal: Colorado Privacy Act