Coloradoâs Consumer Data Protection Act Has Passed: Whatâs in It?
Privacy and Data Security
June 08, 2021
Subscribe
On June 8, 2021, the Colorado Senate passed SB21-190, the Colorado Privacy Act (CPA), as amended by the Colorado House of Representatives. Governor Jared Polis has 30 days to sign it into law, which he is expected to do. Passage of the CPA makes Colorado the third state in the United States to enact a cross-industry privacy rights law.
The CPA is modeled on the failed Washington Privacy Act and Virginia’s already passed Consumer Data Protection Act (CDPA) but contains notable differences, including with respect to the scope of its exemptions and the rights it would provide to Colorado residents. Companies already subject to the California Consumer Privacy Act (CCPA), Virginia’s CDPA and the EU’s Global Data Protection Regulation (GDPR) will have a leg up in preparing for the CPA. However, a thoughtful readiness program is needed to comply with the CPA’s unique provisions and to efficiently integrate with existing business operations.