How Colorado’s Data Privacy Law Affects Your Security

Cyber crime has risen dramatically over the past several years, with hundreds of millions of records exposed in data breaches each year.

To help stem this flood of attacks and keep consumers informed of how their information is used, Colorado implemented the Colorado Protections for Consumer Data Privacy law, HB 18-1128, in 2018.

This law requires organizations to use reasonable protection to guard personal data against attacks. It defines which information qualifies as protected Personal Identifiable Information (PII) and how long organizations have to report a data breach that has exposed PII.

How does this law affect the security of businesses and individuals today? Read on to learn more about the implications of Colorado’s privacy act.

What to Know About Colorado’s 2018 Consumer Privacy Act

Under this data privacy law, it’s required that businesses and organizations develop and implement data security procedures and practices. Written destruction policies for materials that contain personal identifying information are also required, for both digital and paper materials.

Another significant factor of this act is the requirement that companies notify the attorney general’s office of breaches that affect over 500 Coloradans within 30 days of the breach. This is one of the strictest laws of its type in the nation due to its short notification period.

The Personal Identifying Information (PII) protected by the act includes Social Security numbers, PINs, driver’s licence numbers, financial information, and more. Protected information must be stored, protected, and destroyed in line with the law. If the law is violated by a business or organization, they can be prosecuted by the Colorado attorney general.

How Reporting Breaches Affects Consumers and Companies

Since the consumer data privacy law went into place in 2018, we’ve had a much clearer picture of how many cyber attacks and data breaches are happening in the state. In the first five months alone, 33 companies reported data breaches, and over 91,000 Coloradans were notified of the exposure of their data.

It’s essential that consumers know how their personal information is being used and that companies are held responsible when they fail to protect that valuable data.

When a company suffers a data breach, they suffer financially, as they may have to pay fines and legal fees and customers stop immediate spending. But they can also reputationally, losing business for years to come after a breach. One study found that 83% of Americans claimed they would stop spending at a business that had suffered a data breach for several months afterward, and 21% said they would never return to dealing with that business.

The Importance of Strong Cybersecurity Measures

Because of the responsibility businesses have to protect the consumer data they’re entrusted with and the significant consequences of suffering a data breach, it’s more important than ever for companies to implement strong internal cybersecurity measures.

Common-sense practices like using multi-factor authentication and strong password hygiene, firewalls, and antimalware may be enough for some companies; but in the face of a concerted attack, businesses often need more proactive measures and constant system monitoring.

In that case, a reliable IT company in Denver can help businesses put secure practices in place for protecting their business, assets, and consumer data.

Chris Turn

Chris Turn