The Colorado Attorney General (AG) recently published proposed rules for the Colorado Privacy Act (CPA). These draft rules shed light and clarify how the Attorney General plans to carry out the CPA when it goes into effect on July 1, 2023. These proposed CPA rules are a draft that is not yet finalized and therefore are subject to change. In the upcoming months, the Colorado AG will engage with key stakeholders and the public on feedback regarding these proposed rules. While the draft CPA draft rules are months away from finalization, the proposed rules are intended to help entities understand the AG’s requirements for when the CPA becomes effective. Below are a few key highlights of the draft CPA rules as they currently stand, which supplement the AG’s prior guidance from April 2022.

Continue Reading Colorado AG Publishes CPA Proposed Rules

It was not long ago that data privacy was an afterthought for many companies, and in some regards, it may still be an afterthought. Since 2018, major laws and regulations governing companies’ collection, use, and disclosure of personal information have been enacted, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) (amended by the California Privacy Rights Act, and soon to be joined by similar state privacy laws in Colorado, Connecticut, Indiana, Virginia, and Utah), Strengthening American Cybersecurity Act, and state data breach notification laws.
Continue Reading The Changing Landscape of Privacy and Data Security in Mergers and Acquisitions

Recently, multiple states have enacted and passed new data privacy laws and bills (Colorado, Virginia, Utah, California Privacy Rights Act, Connecticut, Indiana, and Ohio). Rightfully so, these laws and bills have garnered much of the media attention. However, in the midst of all the new state data privacy laws, new bills regulating “data brokers” have begun to emerge. To no surprise, California is leading the way with its Data Broker Registration Law, which was enacted in 2019.
Continue Reading Am I A Data Broker?: A Quick Primer on State Laws Regulating a Growing Industry

1, 2, 3, 4, 5 … you know how the song goes! Connecticut recently became the fifth state to adopt a comprehensive data privacy law. The new act titled “An Act Concerning Personal Data Privacy and Online Monitoring,”(the “Act”) takes effect July 1, 2023. As we expected, more and more states are continuing to join the ever-growing Privacy Party. Before getting on the privacy dance floor, here is what you need to know about Connecticut’s new privacy law.
Continue Reading Mambo No. 5: Connecticut Becomes the Fifth State to Join the Privacy Party