Colorado

Subscribe to Colorado

With the signature of Governor Jared Polis last week on the Colorado Privacy Act, Colorado became the third state (following California and Virginia) to adopt a comprehensive consumer privacy law.

We will provide you with a more comprehensive summary of the new Virginia and Colorado laws in the coming weeks, but for now, the highlights

Last week, Impact MHC, a Colorado-based mobile home park management company, agreed to pay $25,000 to the Colorado Attorney General’s office and implement new security measures after a data breach of more than 15,000 individuals’ personal information, including 719 Colorado residents. If Impact fails to implement such security measures (such as creating a written information

Speaking of security education and training, the National Cybersecurity Center this week launched a new initiative to offer cyber-hygiene and IT security sessions to elected state government officials and their staff for FREE. The training sessions are getting a financial boost from Google and bipartisan support from Secretaries of State Frank LaRose (R-Ohio) and

Last week, the Tex-Mex restaurant chain On the Border suffered a data breach that impacted its payment acceptance systems in 27 states. The restaurant says that some credit card information of customers who visited the chain between April and August 2019 may have been compromised. In a press release, On the Border representatives said, “Our

Last week, on the two-year anniversary of the small Unmanned Aircraft Systems (UAS) rule (or Part 107), a report was released by the Association of Unmanned Vehicle Systems International (AUVSI) stating that the Federal Aviation Administration (FAA) has granted approximately 2,000 waivers since the inception of Part 107. Part 107 sets forth certain parameters and

With Independence Day fireworks now coming to an end, many cities in the Western United States are talking about the wildfire liability that comes with the use of fireworks over drought-stricken land. The alternative to fireworks? Well, possibly drones. This year in Aspen, Colorado, the city put on its annual Fourth of July show using

Showing no signs of letting up on enforcement actions, the Office for Civil Rights (OCR) late last week settled an investigation against Metro Community Provider Network MCPN, a Colorado based federally qualified health center, for alleged HIPAA violations. The fine, a whopping $400,000 for the center, which provides health care services to low income patients, settled alleged HIPAA violations of failing to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI…and to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.”

The problem is that OCR has never provided guidance on what this phrase means. What qualifies in its opinion as an “accurate and thorough assessment?” What are security measures that are “reasonable and appropriate?” The terms are inherently subjective and could move with the facts or the particular OCR investigator.
Continue Reading OCR Levies Hefty Fine Against FQHC

Following in the footsteps of the State of New York, the Colorado Department of Regulatory Agencies has proposed amendments to the Colorado Securities Act to require investment advisers and broker-dealers to implement new cybersecurity requirements to ensure security of the information in their possession. As we have predicted before, this is probably just the beginning

This week, the Federal Trade Commission (FTC) and ten states settled charges against the Florida-based cruise line, Caribbean Cruise Line, Inc. (CCL), for an illegal telemarking campaign that inundated consumers with billions of unwanted robocalls. In settling these charges, CCL’s owner, Fred Accuardi, and all of his companies are barred from robocalling and illegal telemarketing.