On June 8, the Colorado General Assembly and Senate passed the Colorado Privacy Act ( “CPA”), making Colorado the third US state (after California and Virginia) to pass a comprehensive privacy law. The bill now awaits signature or veto (which is not expected) by the Governor within 10 days. The CPA applies to businesses that collect and store data on more than 100,000 people or entities which earn revenue from the data of more than 25,000 consumers. While the details of the CPA are being further examined, the CPA includes numerous new data subject rights, an opt-out consent procedure, a right to cure, and allows the state attorney general to enforce the CPA and make additional related rules. The CPA seems to sit somewhere between the more comprehensive and consumer-friendly California Consumer Privacy Act (“CCPA”) and the recently enacted California Privacy Rights and Enforcement Act (“CPRA”) on the one hand, and the Virginia Consumer Data Protection Act (“VCDPA”) on the other. Together with the stringent GDPR of the European Union (which impacts many US businesses) and data breach laws in all 50 states, making data privacy and protection an integral part of all aspects of your business – think Privacy by Design – is more important than ever. Please contact Michael J. Feldman, Esq., CIPP, at or 908-964-2486 with any questions or to discuss how these laws impact your business and what you can do to stay ahead of the curve and your competition. Please also contact Michael if you would like to start receiving our free VIGILANT PSA Privacy E-Newsletter, the first edition of which can be found here: https://www.olenderfeldman.com/wp-content/uploads/2021/04/Privacy-Newsletter-01.pdf.
