No, This Isn't Your Edible Kicking in: Colorado's Protection for Consumer Data Privacy Act Is Fo Rizzle

In the words of Snoop Dogg, we are totally fo rizzle. Colorado has passed the Protections for Consumer Data Privacy Act last May. The law applies to any covered entity. Covered entities include: employer, bank, doctor, insurer, and other online companies that collect paper or electronic documents containing personal identifying information (PII). The House Bill 18-1128 also makes it a requirement for businesses to notify and provide detailed documentation to individuals when their PII has been compromised no later than 30 days after the date it has been determined that a security breach occurred. This is relatively relaxed compared to the European Union’s General Data Protection Regulation (GDPR) which makes data breach notifications mandatory within 72 hours.