August 13, 2020

Volume X, Number 226

August 12, 2020

Subscribe to Latest Legal News and Analysis

August 11, 2020

Subscribe to Latest Legal News and Analysis

August 10, 2020

Subscribe to Latest Legal News and Analysis

Colorado Joins States in Passing Data Protection Requirements

Colorado’s recently passed breach notice law, which goes into effect on September 1, includes a data security requirement. This mirrors the change to the Louisiana breach notice law we reported about yesterday. Under the law, companies will need to have “reasonable” security practices and procedures that protect personal information. Personal information is defined as social security numbers, personal identification number, a password or pass code, state ID numbers, and biometric data. The law also will require companies to ensure that third parties with whom they share personal information have reasonable security protections.

Putting it Into Practice: Companies should keep in mind the growing number of state law requirements to protect information when developing and maintaining their information security programs. Here, the Colorado requirements around vendors are particularly useful to keep in mind.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume VIII, Number 177

TRENDING LEGAL ANALYSIS


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335