Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Colorado: Personal data privacy bill signed into law by Governor

Senate Bill ('SB') 21-190 for an Act concerning additional protection of data relating to personal privacy was signed, on 7 July 2021, by the Colorado State Governor. In particular, SB 21-190 provides several privacy rights, including the right to opt-out of the processing of personal data, as well the right to access, correct, or delete personal data, or to obtain a portable copy of the data. Furthermore, SB 21-190 imposes obligations on data controllers such as transparency, purpose specification, data minimisation, non-discrimination, and the use of sensitive data, among others. In addition, SB 21-190 requires that controllers conduct assessments when processing personal data in activities that present a heightened risk to consumers and assigns enforcement powers to the Attorney General and district attorneys.

Moreover, SB 21-190 will go into effect on 1 July 2023.

You can read SB 21-190 here, track its history here, view the Governor's tracker here and read the Governor's press release here.

Join OneTrust DataGuidance for a webinar discussing the details of the new Colorado Privacy Law (CPA), the implications for organizations and their obligations under the law, and measures to consider to comply with the new law.

Key Takeaways:

  • The nature of the new Colorado Privacy Act (CPA) and how it will impact organizations
  • How the CPA compares to other US Privacy Laws, like the CCPA and CDPA
  • How this law impacts organizations and the steps they should take to ensure compliance