Privacy Policy

Frequently Asked Questions

What is the Colorado Privacy Act?

The Colorado Privacy Act is a comprehensive privacy law that sets rules for how businesses collect, use, and share personal information about Colorado residents. The law defines personal information as any information that is linked or reasonably linkable to an identified or identifiable individual, and includes things like name, address, email address, and social security number.

Who does the CPA apply to?

The CPA applies to businesses that conduct business in Colorado or target Colorado residents with their products or services and meet one of the following criteria:

Controls or processes the personal data of at least 100,000 Colorado residents per year

Derives revenue or receives a discount on the price of goods or services from the sale of personal data and processes or controls the personal data of at least 25,000 Colorado residents per year

The law also applies to third-party service providers that process personal information on behalf of covered businesses.

When does the CPA go into effect?

The CPA goes into effect on July 1st, 2023.

Why is the CPA a thing?

The CPA is intended to provide Colorado residents with greater control over their personal data and to give them the ability to access, correct, and delete that data. The law is also designed to promote transparency in data processing practices and to ensure that businesses that collect, process, and share personal information are held accountable for their actions.

How can businesses comply with the CPA?

To comply with the CPA, businesses must:

Provide Colorado residents with notice: Businesses must provide Colorado residents with a clear and conspicuous notice that describes their data processing practices, including the categories of personal information they collect, the purposes for which they use that information, and the categories of third parties with whom they share that information.

Obtain consent: Businesses must obtain Colorado residents' consent before processing their sensitive personal information, such as health information, financial information, or information about race or ethnicity.

Provide access, correction, and deletion rights: Businesses must provide Colorado residents with the right to access, correct, and delete their personal information. Businesses must also provide Colorado residents with the right to opt-out of the sale of their personal information.

Ensure data security: Businesses must implement reasonable security measures to protect personal information from unauthorized access, destruction, use, modification, or disclosure.

Appoint a privacy officer: Businesses must appoint a privacy officer who is responsible for ensuring compliance with the CPA.