Colorado Privacy Act, SB 21-190: What You Need to Know

Meredith Sidewater

On July 8, 2021, Colorado enacted the Colorado Privacy Act, SB 21-190, following Virginia and California. The law becomes effective July 1, 2023.

Below are high-level details about the CPA. Please contact our firm to determine whether your organization must comply with the CPA, and, if so, the specifics regarding such compliance.

The law applies to any individual, corporation, government or governmental subdivision or agency, business trust, estate, trust, limited liability company, partnership, association, or other legal entity (“Controller”) that:

alone or jointly with others, determines the purposes for and means of processing personal data
or
delivers commercial products/services targeted to Colorado residents
and
during a calendar year, controls or processes personal data of at least 100,000 consumers

or

derives revenue or receives a discount on the price of goods or services from the sale of personal data and controls or processes personal data of at least 25,000 consumers

Consumers have the following rights:

To confirm whether a controller is processing personal data and to access the personal data
To correct inaccuracies in the personal data
To deletion of their personal data
To data portability
To opt out of targeted advertising, sale or profiling

Controller Duties:

Transparency
Purpose specification and limits on secondary uses
Data minimization
Care in securing personal data
Avoid unlawful discrimination
Restriction on processing sensitive data absent consent

Other Obligations

Provision of a privacy notice
Contracts with processors
Data Protection Assessments

Other Firm News

Lizz Patrick Featured on NAMWOLF Social Media for PLG’s Sponsorship of the 2024 Annual Meeting in Atlanta

Laci Roth August 21, 2024

PLG Congratulates Toyota North America for Receiving a Greater Women’s Business Council TOP Corporations Award

Laci Roth May 21, 2024

Meredith Sidewater Selected to be a Member of the 2024 LAW360 Editorial Board

Laci Roth April 10, 2024

PLG Sponsors the International Women’s Forum Georgia and Georgia Pacific 5th Annual International Women’s Day Event

Laci Roth March 1, 2024

Alexa Baltodano CLE Panelist at the 2023 NAMWOLF Annual Meeting in Baltimore

Laci Roth October 15, 2023

The PLG Team Attends the 2023 NAMWOLF Annual Meeting in Baltimore

Laci Roth October 13, 2023

Colorado Privacy Act, SB 21-190: What You Need to Know

Meredith Sidewater

The law applies to any individual, corporation, government or governmental subdivision or agency, business trust, estate, trust, limited liability company, partnership, association, or other legal entity (“Controller”) that:

or

and

or

Consumers have the following rights:

Controller Duties:

Other Obligations

Other Firm News

Lizz Patrick Featured on NAMWOLF Social Media for PLG’s Sponsorship of the 2024 Annual Meeting in Atlanta

PLG Congratulates Toyota North America for Receiving a Greater Women’s Business Council TOP Corporations Award

Meredith Sidewater Selected to be a Member of the 2024 LAW360 Editorial Board

PLG Sponsors the International Women’s Forum Georgia and Georgia Pacific 5th Annual International Women’s Day Event

Alexa Baltodano CLE Panelist at the 2023 NAMWOLF Annual Meeting in Baltimore

The PLG Team Attends the 2023 NAMWOLF Annual Meeting in Baltimore

Follow Us

Team

Legal Insights

AI-dentity Crisis: The Role of the Lawyer in an Increasingly Digital World

Tips for Hiring Outside Counsel You’ll Want to Keep Working With

Colorado Privacy Act, SB 21-190: What You Need to Know

Contact Info

Atlanta Office