Tag Archives: Colorado

Navigating the State Data Breach Laws? An Enhanced Resource is Available

In large security incidents, the differences among state breach notification laws usually do not come into play. In smaller matters, where individuals in only a few states are potentially affected, the differences sometimes result in having an obligation to notify individuals in some states but not others. And states have been active in amending their … Continue Reading

Colorado Enacts Sweeping Changes to Data Breach Reporting Requirements and Adds New Data Security Requirements

Colorado’s Gov. John Hickenlooper signed a bill that significantly strengthens its current data breach notification requirements and adds new measures designed to enhance protections for consumer data privacy. The new law will go into effect on Sept. 1, 2018. Disposal of personal identifying information As previously discussed here (while the bill was in committee), HB18-1128 … Continue Reading

Colorado Legislature Signals That It May Create More Stringent Data Destruction Regulations and Tighten Breach Reporting Requirements

In January 2018, Colorado legislators sponsored a bill that, if passed, will change the state’s existing data breach reporting laws in important ways. A House Committee Report detailing the current version of the bill can be found here. The bill would create a new statute, C.R.S. § 6-1-713.5, titled Protection of Personal Identifying Information, which … Continue Reading

Colorado Proposes Cybersecurity Requirements for Investment Advisers and Broker-Dealers

On March 27, 2017, the Colorado Department of Regulatory Agencies proposed changes to the Colorado Securities Act that would impose new cybersecurity requirements on investment advisers and broker-dealers (the “Proposed Rule”). Among other obligations, the Proposed Rule would require these entities to include cybersecurity as part of their risk assessments, and establish and maintain written … Continue Reading
LexBlog