Colorado Privacy Act Compliance

SENATE BILL 21-190

Data Protection Assessments and Full Governance

We work with Colorado businesses to design and implement data protection governance plans and comply with the Colorado Privacy Act (CPA), which goes into effect Jul 1, 2023.
CPA Guide

What does the CPA require (and how do we help?)

Starting on July 1, 2023, the CPA requires companies handling sensitive consumer data of employees in Colorado to conduct data protection assessments for every data processing activity that involves sensitive data, including processes that use automated or algorithmic tools.

The requirement applies to any company processing Colorado consumer data. It also stipulates the need for a universal opt-out mechanism, among other things. Final rules are currently being drafted, but Proceptual can help you be proactive in your preparation.

Conduct your data protection assessments prior to Jul 1, 2023, when the CPA goes into effect
The data protection assessments would require any employer handling sensitive data, whether for consumer or employment purposes (all are considered “consumers” in this law), to perform an assessment for any tools they use to process, store, retain or share personal data. These assessments must include the justification, intended purpose, and risks of using these tools, along with the mitigation measures in place.

Identify Universal Opt-Out Mechanisms
The current draft states that universal opt-out mechanisms must also be implemented and must allow consumers to opt out of all data processing or of processing for a specific purpose. It also seems that, at the moment, these mechanisms will need to be approved by the state, and that companies will have a list of approved tools to select from. We can help you identify those.

Disclosures, Consent Mechanisms, and more
The current draft requires external disclosures that include privacy notices, consent mechanisms that obtain consumer approval through “clear, affirmative action”, and more. We can help you establish the governance plan you need to comply.

CPA Rules Update

When will the final rules for CPA be released?

The final rules hearing was held February 1, 2023, and it was indicated during that session that the rules would be released soon.

Sign up for our newsletter for weekly updates, or contact one of our experts to be immediately notified and debriefed when the rules are released.

Our Process

Our Proven Process

Proceptual’s technology-driven, proven process produces data governance and compliance quickly and accurately.

Scoping

What pieces of this law are relevant to your organization?
Which types of data and processes must be assessed?
What types of mechanisms need to be in place?

Data Collection & Cleaning

Collect all data relevant to covered functions and processes
Comply with internal and external privacy requirements

Complete Assessments & Identify Mechanisms

Produce data protection assessments
Review assessments internally for accuracy
Produce list of mechanisms needed for compliance

Implement Public Facing Changes

Publish privacy notices
Implement consent mechanisms and opt-out mechanisms
Implement any other compliance needs

Establish Maintenance Plan

Establish review standards to keep up with new tools, data, processes, and laws
Establish assessment update plan to ensure continuous compliance

We Deliver

How do we help?

We offer end-to-end compliance with CPA. This includes:
Initial consultation. We work with you to understand what this law requires of your organization.
Data protection assessments pursuant to CPA. We can produce the assessments you need quickly and accurately.
We help you identify and implement any other mechanisms or tools needed for compliance.
We recommend specific steps to comply with all requirements of CPA.
Contact Us

Let’s Connect for Compliance Solutions

Our team is ready to support your privacy, compliance, and risk management needs—let’s talk today. We look forward to helping you move forward with confidence.