Colorado Enacts Protections for Consumer Data Privacy Act: Key Takeaways for Businesses and Consumers

Colorado’s Protections for Consumer Data Privacy Act requires businesses, including employers, banks, healthcare providers, insurers, and online companies, to notify individuals of data breaches within 30 days. While more lenient than the EU’s GDPR 72-hour rule, the law strengthens consumer privacy protections and mandates detailed disclosure of compromised personal identifying information (PII).