Regulatory and Industry News Alerts from Armanino

Colorado Personal Data Privacy Protection Law Signed by Governor

by Mirena Taskova, Pippa Akem
July 08, 2021

Colorado has joined the rising trend of U.S. states enacting local rules to protect their residents’ personal data. The Colorado General Assembly passed “Senate Bill 21-190 an Act Concerning additional protection of data relating to personal privacy” (SB 21-190), which was signed into law by the Governor on July 7, 2021.

Details of the Bill

SB 21-190 establishes personal data privacy rights for the state’s residents and applies to legal entities conducting business or producing commercial products or services targeted to Colorado residents that either:

  • Control or process personal data of more than 100,000 consumers per calendar year
  • Derive revenue from the sale of personal data and control or process the personal data of at least 25,000 consumers

The bill doesn’t apply to certain specified entities, personal data governed by listed state and federal laws, listed activities and employment records. Consumers also have the right to opt out of the processing of their data; obtain a portable copy of their data; and access, correct or delete that data.

Next Steps

SB 21-190 will go into effect on July 1, 2023. You can view the full text and history of the bill here.

For more information about data privacy legislation or strengthening your organization’s privacy program, contact one of Armanino’s experts.

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Mirena Taskova - Managing Director, Privacy & Cybersecurity - San Jose CA | Armanino
Managing Director, Head of Privacy and Cybersecurity
Related News and Insights
Regulatory and Industry News Alerts from Armanino
The European Commission’s latest decision allows personal data to flow freely from the U.K. to the EU.

July 08, 2021
How to Start Building a Secure Data Privacy Program
Aligning to a framework, such as Microsoft’s SSPA, can help you protect internal and customer data.

June 29, 2021
Regulatory and Industry News Alerts from Armanino
 New rules for data transfers from controllers or processors in the EU/EEA to those outside the EU/EEA.

June 22, 2021