On June 8, 2021, the Colorado Senate passed SB21-190, the Colorado Privacy Act (CPA), as amended by the Colorado House of Representatives. Governor Jared Polis has 30 days to sign it.
The Mintz Privacy & Cybersecurity Blog will be providing regular updates of notable pending US state privacy laws. Following our similar previous updates, the most recent of which may.
This update checks in on the progression of those laws, the most notable of which is that Colorado is set to become the third US state to pass a comprehensive privacy law as the Colorado Privacy Act is on the governor’s desk and is expected to be signed.
Coloradoâs Consumer Data Protection Act Has Passed: Whatâs in It?
Privacy and Data Security June 08, 2021
Subscribe
On June 8, 2021, the Colorado Senate passed SB21-190, the Colorado Privacy Act (CPA), as amended by the Colorado House of Representatives. Governor Jared Polis has 30 days to sign it into law, which he is expected to do. Passage of the CPA makes Colorado the third state in the United States to enact a cross-industry privacy rights law.
The CPA is modeled on the failed Washington Privacy Act and Virginia’s already passed Consumer Data Protection Act (CDPA) but contains notable differences, including with respect to the scope of its exemptions and the rights it would provide to Colorado residents. Companies already subject to the California Consumer Privacy Act (CCPA), Virginia’s CDPA and the EU’s Global Data Protection Regulation (GDPR) will have a leg up in preparing for the CPA. However, a thoughtful readiness program is needed to comply with t