DENVER—Today, the governor signed legislation that will require greater protections for consumer’s personal online data. House Bill 18-1128, sponsored by Assistant Minority Leader Cole Wist (R-Centennial), will require government and private entities to develop policies for the safe retention and disposal of records that contain personal identifying information as well as the prompt notification if a breach has occurred.
Representative Wist made the following statement regarding the newly signed bill:
“Consumers place a great deal of trust in online businesses or government entities to protect their personal information, and in return, I believe those entities should have adequate security measures and policies to immediately notify consumers if that information is compromised. Having been a victim of identity theft, I am comforted knowing this new law will help keep other online consumers’ data safe.”
Specifically, the bill requires each governmental and private entity in the state that maintains data containing personally identifying information to: develop a written policy ensuring all unneeded records are completely destroyed and rendered unreadable; implement and maintain adequate security measures against data breaches; notify affected individuals if a breach has compromised their personal information no later than 30 days after the breach; and notify the Colorado Attorney General within 30 days if the breach is believed to have affected 500 or more people.
House Bill 18-1128 passed both chambers with unanimous support, and will take effect on September 1, 2018.