Colorado Furthers Privacy Act Regulations

Saba Bajwa

Email

310-788-6027

Bio and Articles

David P. Saunders

Email

312-803-8305

Bio and Articles

Find Your Next Job !

Legal Expert in Commercial & Real Estate Litigation / Property Dispute Speciali…
On Balance Search Consultants

Litigation Legal Support Specialist
Greenberg Traurig

Litigation Attorney / Real Estate and Commercial Litigator
On Balance Search Consultants

Trusts & Estates Partner / Senior Attorney
On Balance Search Consultants

Litigation Paralegal
Greenberg Traurig

Matrimonial Attorney
On Balance Search Consultants

Family/Matrimonial Law Attorney
On Balance Search Consultants

Commercial Real Estate Transactional Attorney / Real Estate Lawyer
On Balance Search Consultants

Trusts & Estates Attorney / Estate Planning Lawyer
On Balance Search Consultants

Chief Operating Officer / Business Manager
On Balance Search Consultants

Explore More Job Openings

Colorado Advances Privacy Act Regulations

by: Saba Bajwa, David P. Saunders of McDermott Will & Emery - Publications - Insights

Wednesday, December 11, 2024

Print Mail Download info_icon_img

/>i

On December 5, 2024, the Colorado Department of Law (Department) adopted an amended draft of its latest proposed Colorado Privacy Act (CPA) regulations. This set of amended regulations follows a public comment period that concluded with a public hearing held on November 7, 2024. The Department has also provided a cover letter explaining how the regulations were revised based on feedback received during the comment period.

In Depth

As a refresher, the proposed regulations:

Require any controller (including employers) that collects biometrics to give a pre-collection notice to the data subject;
Impose new biometrics collection obligations on employers;
Require controllers to obtain consent to process the personal data of minors (consumers under age 18); and
Introduce methods by which companies can seek regulatory guidance from the Colorado attorney general (AG).

The amended regulations introduce some implementation-friendly clarifications, including providing that:

A controller’s biometric notice may be included in its general privacy notice;
Consent is only required when processing the personal data of a consumer whom the controller “actually knows or willfully disregards” is a minor;
Employers are only required to “refresh” consent to collect biometrics in certain limited scenarios; and
Submitting a data protection assessment when seeking an opinion letter from the AG does not constitute a waiver of attorney-client privilege, and assessments required under the CPA are exempt from public inspection under the Colorado Open Records Act.

As the final step in the rulemaking process, the Department has requested a formal opinion on the amended regulations from the AG. The regulations will be filed with the Colorado secretary of state after a formal opinion is issued, and the regulations will become effective 30 days after they are published in the state register. Given the short runway after the regulations are published, businesses subject to the CPA should begin preparing to comply with the newly adopted draft of the CPA regulations.

Current Public Notices

Post Your Public Notice Today!

Free Guide: Using AI & State Court Data to Automate Litigation Tasks.

Discover how Trellis AI helps litigators evaluate cases, automate brief drafting, suggest winning strategies, and more. Click this link to request the Trellis AI Guide.

Published: 5 December, 2024

PUBLIC NOTICE OF DISPOSITION OF COLLATERAL: NUEVO GATEWAY, LLC and PTA DEVELOPMENT LLC

Published: 9 December, 2024

PUBLIC NOTICE OF DISPOSITION OF COLLATERAL: E-Lux Bikes LLC

Published: 9 December, 2024

PUBLIC NOTICE OF UCC SALE: Gaming Society

Published: 6 December, 2024

PUBLIC NOTICE OF UCC ARTICLE 9 SALE: TrueNorth Projects, LLC

Published: 21 November, 2024

PUBLIC NOTICE OF DISPOSITION OF COLLATERAL: BCL CALIFORNIA LLC

Published: 18 November, 2024

PUBLIC NOTICE OF UCC SALE: Sheridan & Wilson, LLC