Colorado: AG publishes data security best practices guidance
The Colorado Attorney General ('AG') published, on 28 January 2022, a guidance document on data security practices. In particular, the guidance outlines that it is based on the AG's data security cases and relevant Colorado statutes.
As such, the guidance highlights data security practices that covered entities can adopt, including:
- creating an inventory of the types of data collected and establishing a system for how to store and manage that data;
- developing a written information security policy;
- adopting a written data incident response plan;
- managing the security of vendors; and
- training employees to prevent and respond to cybersecurity incidents.
You can access the guidance here.