On July 7, 2021, Governor Jared Polis signed the Colorado Privacy Act (“CPA”) into law. The CPA tasked the Colorado Attorney General with implementing and enforcing the CPA, including adopting new rules (“Rules”). As readers of our blog know, the CPA is a part of the State of Colorado’s Consumer Protection Act. As states enact their own data privacy laws, the resulting provisions are often compared to the California Consumer Privacy Act (“CCPA”). California led the way in data privacy legislation and certainly prompted other states to contemplate how businesses could better address consumer data privacy rights. Please note that Colorado lawmakers have taken their mandate seriously and, as such, seem committed to drafting rules that serve the data privacy interests of state residents.
Process of Revising Colorado Privacy Act Rules
The Colorado Attorney General and Colorado Department of Law are taking what they termed, an “iterative” approach, to the promulgation of CPA Rules. On October 10, 2022, the Colorado Secretary of State published CPA draft rules. In the interest of public involvement and transparency, the Colorado Department of Law has invited feedback from interested and affected parties, both through a written comment portal and through a series of three stakeholder sessions. The latest version of the CPA Rules was updated on December 21, 2022, and, likely, will undergo further revision. In fact, according to the Department of Law, members of the public will have the opportunity to provide oral comment at the formal CPA rulemaking hearing on February 1, 2023. Significantly, State lawmakers have indicated that, “[a]ny revisions to the 12-21-2022 iteration of the proposed draft rules will be made available to the public at least five (5) days prior to the February 1, 2023, rulemaking hearing.”
Latest Version of the Colorado Privacy Act Rules
As this is a volatile and unsettled area of the law, it is extremely important to be sure that your marketing efforts continue to be compliant with evolving state data privacy regulations. To be safe, the best course of action is to contact an experienced data privacy attorney. If you need assistance with implementing Colorado privacy law compliance measures, please e-mail us at firstname.lastname@example.org, or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Related Blog Posts: