Leveraging Knowledge to Manage Your Data Risks
This week, the Colorado Supreme Court upheld a criminal conviction which relied in part on evidence obtained pursuant to a warrant for Google search data. People v. Seymour, 2023 CO 53 (Oct. 16, 2023) (available at http://www.courts.state.co.us).
In investigating the cause of a 2020 apparent arson fire at a Denver residence which resulted…
This week, the California Superior Court ruled that the California Privacy Protection Agency (CPPA) cannot begin enforcement of the California Privacy Rights Act (CPRA) until March 2024. The ruling stems from a lawsuit filed by the California Chamber of Commerce which argued that state businesses would not have enough time to prepare for the upcoming…
Colorado Attorney General Phil Weiser’s office recently published an updated version of the draft rules governing the Colorado Privacy Act, which goes into effect on July 1, 2023. The updates build upon the original draft rules published on October 10, 2022, and are based on input received by the AG’s office through December 2, 2022.…
Government offices and public services in Fremont County, Colorado, have been disrupted since August 17, 2022, due to a “cybersecurity event affecting our county computer systems.”
As of the official update issued August 24, 2022, “all of the county’s buildings remain closed. This includes administration and public health buildings.”
The update reveals how difficult it…
Ramping up its continued focus on data privacy, on June 8, 2022, Colorado Governor Jared Polis signed into law legislation aimed to limit the use of facial recognition technology by government agencies and state institutions of higher education.
The legislation, SB 113, requires an agency – defined as “an agency of the state government…
Connecticut Governor Ned Lamont signed the Personal Data Privacy and Online Monitoring Act (CPDPA) into law on May 10, 2022, making Connecticut the most recent state to pass its own privacy law in the absence of comprehensive federal privacy legislation. Connecticut follows in the steps of Nevada, California, Virginia, Colorado and Utah in enacting its…
The newest state data privacy law, the Utah Consumer Privacy Act (the Act), was signed into law by Utah Governor Spencer J. Cox on March 24, 2022. This makes Utah the fifth state to pass its own privacy law instead of waiting for the federal government to enact a nationwide federal law.
There are other…
The European Union’s General Data Protection Regulation (GDPR) first launched the concept of data minimization, which states that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. This seems like a simple concept: an entity should only collect personal information that is…
With the passage of the Colorado Privacy Act, Colorado joins Virginia and California as early adopters of state-level privacy legislation. These laws impose higher restrictions on companies processing specific sensitive categories of data that reveal information such as sexual orientation and ethnic origin. However, the law remains unclear on what constitutes “revealing” information. For example,…
With the signature of Governor Jared Polis last week on the Colorado Privacy Act, Colorado became the third state (following California and Virginia) to adopt a comprehensive consumer privacy law.
We will provide you with a more comprehensive summary of the new Virginia and Colorado laws in the coming weeks, but for now, the highlights…
