Regulatory and Industry News Alerts from Armanino

Colorado Personal Data Privacy Protection Law Signed by Governor

by Mirena Taskova, Pippa Akem
July 08, 2021

Colorado has joined the rising trend of U.S. states enacting local rules to protect their residents’ personal data. The Colorado General Assembly passed “Senate Bill 21-190 an Act Concerning additional protection of data relating to personal privacy” (SB 21-190), which was signed into law by the Governor on July 7, 2021.

Details of the Bill

SB 21-190 establishes personal data privacy rights for the state’s residents and applies to legal entities conducting business or producing commercial products or services targeted to Colorado residents that either:

  • Control or process personal data of more than 100,000 consumers per calendar year
  • Derive revenue from the sale of personal data and control or process the personal data of at least 25,000 consumers

The bill doesn’t apply to certain specified entities, personal data governed by listed state and federal laws, listed activities and employment records. Consumers also have the right to opt out of the processing of their data; obtain a portable copy of their data; and access, correct or delete that data.

Next Steps

SB 21-190 will go into effect on July 1, 2023. You can view the full text and history of the bill here.

For more information about data privacy legislation or strengthening your organization’s privacy program, contact one of Armanino’s experts.

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Mirena Taskova - Managing Director, Privacy & Cybersecurity - San Jose CA | Armanino
Managing Director, Head of Privacy and Cybersecurity
Related News and Insights
Top Risks Organizations Will Face in 2022
Understand ESG, data privacy and other key risk areas and how to avoid them.

March 29, 2022 | 11:00 AM - 12:00 PM PT
Impact of the California Privacy Rights Act on Your Organization
How will the California Privacy Rights Act (CPRA) affect your organization and the way it uses artificial intelligence?

February 23, 2022 | 10:00 AM - 11:00 AM PT
6 Microsoft SSPA Compliance Considerations for Third-Party Service Providers
To avoid lost deals, businesses providing services to Microsoft suppliers need to follow Microsoft’s data privacy rules.

November 23, 2021