Skip to Content
Aa Aa Aa

Colorado is the 3rd State to Pass New Digital Privacy Law

Colorado is 3rd State to Pass New Digital Privacy Law

As a website provider, we know and understand how important it is to stay compliant with industry guidelines. The VGM Forbin team wants to ensure your business is abreast of the latest privacy act that will be enacted in Colorado but first we will give you an overview of the landscape.

The topic of privacy in relation to the data collected on a site has been growing quickly across Europe and the United States. These are the digital privacy laws that have been passed so far:

General Data Protection Regulation (GDPR)

GDPR is a standard adopted by the European Parliament and regulates how websites collect data and notify website users of data collection. Websites accessed by EU residents and citizens must allow customers to opt into or out of collecting their personal data, request that a business disclose what information has been collected, request changes or deletions of data and clearly state privacy policies on the site. The GDPR was the first policy of its kind and started to be enforced overseas in 2016.

California Consumer Privacy Act (CCPA)

CCPA stands for the California Consumer Privacy Act and was passed in 2018, becoming effective January 1,2020. California has been leading the way in the US for web privacy requirements as lawmakers find gaps in internet regulations. The requirements are meant to protect the consumers’ right to choose how their personal information is dispersed. Businesses are required to give consumers certain notices explaining their privacy practices.

California Privacy Rights Act (CPRA)

The CPRA is a law that was enacted so people can opt out of both the sale and sharing their personal information to third parties. This law will take full effect in 2023.

Virginia Consumer Data Protection Act (VCDPA)

Virginia was the second state that enacted this privacy law following California, which was enacted on March 2, 2021 and will go into effect January 1, 2023. VCDPA is similar to CCPA with the absence of revenue threshold. The requirements control the personal data of at least 100,000 consumers a year. The VCDPA also controls the personal data of at least 25,000 consumers and at least 50% of its gross revenue from the sale of personal data.

Colorado Privacy Act (CPA)

Colorado has joined California and Virginia in passing a Comprehensive Data Privacy Law to protect state residents which makes Colorado the third state to enact this privacy act at this time. The Act was passed on June 7, 2021 and the Governor signed the comprehensive data privacy bill on July 7. This law will go into effect on July 1, 2023.

The big question is how does CPA compare to all the other privacy laws?

The CPA is extremely similar to CCPA and VDCPA, but here are a few minor points that make it unique.

Similarities Include the Following:

  • The CPA has similar data policies to the CCPA and VCDPA

  • Under the CPA has 45 days to respond to consumer requests

  • The right to access, correct, delete, and opt out of the processing of personal data for targeted advertising and the sale of personal data

Differences Include the Following:

  • CPA defines consumers as residents

  • The CPA does not have a revenue-based applicability threshold

  • The CPA applies to non-profit entities that meet its criteria

  • CPA only applies to entities that conduct business in Colorado or target goods or services to Colorado residents

  • CPA controls process the personal data of at least 100,000 Colorado consumers during a year

These will continue to be adopted by other states and may apply to more standard business sizes as they grow in popularity. If your business is required to follow CPA guidelines, reach out to VGM Forbin for help! We build secure websites that meet today’s landscape AND have a solution to install on your site that will keep you compliant with all of the afore mentioned data privacy laws.

VGM Forbin’s Digital Privacy Compliance Solution Includes:

  • Cookie banner to obtain clear consent to use cookies on site visitors

  • GDPR/CCPA content will be incorporated into policy pages to clearly state how long personal data will be retained and how it will be utilized

  • GDPR/CCPA text and check boxes will be incorporated into each form so that clear consent can be obtained to use data collected on the site

  • Cookie tracking will be implemented across the site for user control

  • GDPR/CCPA Trust Certification badge

If you’re interested in adding this solution to your website, contact us today!