Colorado Privacy Act

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Divided SEC Proposes Slew of Cybersecurity Regulations for Securities Market Entities | Privacy World

Utah’s Social Media Regulation Act Signed

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 State Privacy Laws and Regulations Bring Extensive Data Protection Assessment Requirements | Privacy World

Priority Topics for French CNIL

On January 1st of this year, the Virginia Consumer Data Protection Act (“VCDPA”) and amendments to the California Consumer Privacy Act (“CCPA”) went into effect. Later this year, the Colorado Privacy Act (“CPA”), Connecticut’s Public Act No. 22-15 (known as the “Connecticut Privacy Act” or “CTPA”), and the Utah Consumer Privacy Act (“UCPA”) will go into effect as well. Aside from the UCPA, these laws will obligate covered entities to document and assess certain processing activities in formal data protection assessments, which will be available to regulators. The purpose is to require companies to look critically at high-risk data processing activities and avoid unjustifiable risks and negative impacts on data subjects. Assessments can also serve the purpose of maintaining current data inventories and retention schedules and ensuring that processing is not inconsistent with the notified purposes at the time of collection.
Continue Reading 2023 State Privacy Laws and Regulations Bring Extensive Data Protection Assessment Requirements

On March 15, 2023, after five public input sessions, a rulemaking hearing, and over 130 written comments, the Colorado Privacy Act (“CPA”) rules were officially finalized when the Colorado Attorney General’s Office completed its review and submitted them to the Secretary of State. The final rules will be published later this month and go into effect on the same day as the statute, July 1, 2023.
Continue Reading Colorado Privacy Act Rules Finalized; To Be in Effect July 1

Part 1 of How to Approach DPAs in view of Final CCPA Regs: A Series

This is the first in our series of blog posts on top considerations for approaching data processing terms required under the state privacy laws that have, or will, come into effect this year, namely the California Consumer Privacy Act, as

2022 was another eventful year in the realm of privacy, security and innovation.  Privacy World was there every step of the way, to keep you informed on key developments.  Starting next week, we will be rolling out our popular Year in Review series.  As a lead up to that, below are our ten most popular

The Interactive Advertising Bureau (IAB) and IAB Tech Lab have proposed updates their industry level agreements and privacy signal program to support the efforts of marketers, agencies, publishers, and ad tech companies to comply with the US state privacy laws going into effect in 2023. The comment period on the updates is open until October 27.
Continue Reading Ad Industry Group Modifies Its Compliance Program to Address 2023 US State Privacy Laws

This blog post is a bonus supplement to our quarterly Artificial Intelligence and Biometric Privacy Quarterly Review Newsletter. Be on the lookout for our Q3 Newsletter!

We are quickly approaching the Jan. 1, 2023 operative date of most of the provisions of the California Privacy Rights Act (“CPRA), which, as most of us know by now, substantially amends the CCPA. Under the CPRA, the California Privacy Protection Agency (“CPPA” or “Agency”) has a mandate to issue regulations on a number of specific topics. With just fewer than three months to go until January 1, regulations are not even close to being finalized.  The Agency released the first draft of proposed regulations on May 24, and the first public comment period ended on August 23. In a meeting held by the CPPA on Friday, September 23, the Agency gave no concrete sense of timing or any comments on topics, such as those discussed in this post, for which regulations have not even been issued. This has left many businesses feeling left in the lurch, uncertain of what to do.
Continue Reading Profiling and Automated Decision-Making: How to Prepare in the Absence of Draft CPRA Regulations

On September 30, 2022, the Colorado Attorney General’s Office (“Colorado AG”) issued its proposed draft Colorado Privacy Act (“CPA”) Rules (the “CPA Rules” or “Rules”). The draft Rules, which add significant complexity and obligations on businesses, go far beyond what was expected of the Colorado AG and, despite the repeated insistence for interoperability with other

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Passage of Federal Privacy Bill Remains Possible This Year, Remains a Continued Priority | Consumer Privacy World

Webinar Registration