Colorado Amends Data Breach Notification Law
Colorado has a new data breach law that went into effect September 1, 2018. The new bill amends three areas of the States Data Breach law.
- Amends the notification procedures to 30 days and expands the definition of personal information
- Established data breach requirement for business and their service providers
- Amends State law regarding disposal of personal information.
Some Highlights Of The New Law Include
- Business must have a written policy relating to destruction of personal information.
- If an entity discloses personal information to a third party that entity must require the service provider to maintain reasonable security measures.
- A notice must be given to the States Attorney General office within 30 days of the known breach.
- Business must have reasonable security procedure in place to protect personal information.
- The bill re-defines personal information to include; social security numbers, passwords, driver’s licenses or identification card numbers, passport, student identification numbers, medical information, military information, or any financial transaction information.
Here is a link to more information.