Colorado Gov. John Hickenlooper last week signed bipartisan bill HB18-1128, “Protections for Consumer Data Privacy,” officially setting in place some of the most stringent requirements for personal information data disposal and data breach notification in place in any U.S. state.

The new law requires organizations to maintain a policy for disposing documents with consumer data and notify Colorado residents of any potential personal information exposure no later than 30 days after discovering a data breach. The 30-day notification window does not provide for any specific exemptions and is the shortest of any state.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]