Jun 182022
 June 18, 2022  Posted by  Laws, U.S.

Jeremy Meisinger of Foley Hoag LLP writes:

As we wrote last year, Colorado is among the vanguard of privacy-focused states—including California, Washington, and Virginia—to adopt significant state-level privacy legislation.  One year out from enforcement of the Colorado Privacy Act (which begins on July 1, 2023), businesses should begin to put their compliance frameworks in place, as some of the Colorado Privacy Act’s significant requirements will need substantial investment beforehand to afford consumers the rights that they are guaranteed under the Act.

Sizeable businesses that are part of Colorado’s over $2 billion cannabis market should take special note of the Act’s requirements, as cannabis businesses with a significant retail component often manage large amounts of personal information in relation to customers.  While many smaller operations are likely to be exempt—the Act does not apply unless the business either processes the data of 100,000 consumers yearly or engages in the sale of personal data while also processing the data of 25,000 customers—larger businesses should be planning now to comply with the Act.

Read more at Security, Privacy and the Law.

Sorry, the comment form is closed at this time.