Colorado Privacy Act
The Colorado Privacy Act (CPA), signed into law on July 7, 2021, is a significant privacy regulation designed to protect and empower Colorado consumers by introducing new rights for consumers and imposing obligations on covered entities.
Which businesses need to comply with the CPA?
The Colorado Privacy Act (CPA) applies to companies …
- that conduct business in Colorado or produce or deliver commercial products or services that are intentionally targeted to Colorado residents.
- that control or process the personal data of 100,000 or more Colorado residents in a year.
- which derive revenue or receive a discount on the price of goods or services from the sale of personal data and processes or controls the personal data of 25,000 or more consumers.
What is the CPA about?
- Consumer Rights: The CPA gives Colorado consumers new rights with respect to their personal information. These include the right to access, delete, and correct their personal information.
- Opt-Out Rights: Consumers have the right to opt out of the sale of their personal data or its use for targeted advertising or certain types of profiling.
- Data Protection Assessments: Covered entities are required to conduct data protection assessments when a particular processing operation presents a heightened risk of harm to consumers.
- Sensitive data: Covered entities are required to obtain consent before processing certain sensitive personal data.
- Universal Opt-Out Mechanisms (UOOM): Beginning July 1, 2024, data controllers must allow consumers to exercise their right to opt out of the processing of their personal data for the purposes of targeted advertising or sales through a “universal opt-out mechanism”.
Impact on Businesses
The CPA has significant implications for businesses operating in Colorado:
- Compliance costs: Covered entities will need to invest in compliance efforts, including privacy assessments, consent management, and opt-out mechanisms.
- Risk of fines: Failure to comply can result in fines that impact a company’s budget.
- Operational changes: Organizations must adapt processes to comply with CPA requirements.
- Consumer Trust: Demonstrating compliance with the CPA improves consumer confidence and reputation.