Colorado Privacy Act Becomes Third State-level Privacy Regulation in US
In July, Colorado joined Virginia and California in passing a comprehensive privacy law. The Colorado Privacy Act (CPA) will go into effect on July 1, 2023, six months after Virginia’s Consumer Data Protection Act (CDPA) and the California Consumer Privacy Act (CCPA) go into effect. Colorado’s law does not have a private right of action, and the AG is to adopt regulations on certain aspects by July 1, 2023.
The CPA applies to companies that conduct business in Colorado or sell products intentionally targeted to residents of Colorado. Also, these companies meet either of the following thresholds 1) they control or process personal data of 100,000 or more consumers during a calendar year; or 2) they derive revenue or receive discounts from the sale of personal data and control or process data of at least 25,000 consumers.
CPA’s applicability is like VCDPA, with the difference being Virginia’s law also requires businesses must derive over 50 percent of their gross revenue from the sale of personal data to meet the second threshold noted above. CPA’s applicability is narrower in most instances than the Californian Consumer Privacy Act, but also slightly different. That means some businesses will fall within CCPA’s purview, but not CPAs, and vice versa. And while the CCPA contains a revenue threshold of $25 million annually, the CPA does not contain a revenue threshold at all. Also, the CPA’s 100,000 consumer threshold is double the CCPA’s 50,000.
There may only be three states with privacy laws on the books so far, but more are bound to follow suit. Be ready by maintaining compliance with the regulations already in place. 2W Tech can help. Our Cybersecurity Compliance Program is designed to support our clients’ compliance obligations. Most organizations must abide by and maintain a standard for controls that safeguard the confidentiality and privacy of information stored and processed. We work hand in hand with you to learn more about your required compliances, help obtain proper agreements, and access relevant system architecture information. Give us a call today to get started on your journey to achieving compliance.