Most of the modern state data privacy laws have attempted to exclude from their jurisdictional reach organizations that process de minimis amounts of personal information. The state statutes create different thresholds for what constitute de minimis processing base those thresholds largely on whether the organization sells personal information. The net result is that most states
Colorado Privacy Act
Comparing and Contrasting the State Laws: Does Pseudonymized Data Exempt Organizations from Complying with Privacy Rights?
Some organizations are confused as to the impact that pseudonymization has (or does not have) on a privacy compliance program. That confusion largely stems from ambiguity concerning how the term fits into the larger scheme of modern data privacy statutes. For example, aside from the definition, the CCPA only refers to “pseudonymized” on one occasion…
Is all consent created equal? How the different privacy statutes treat the standard for consent.
Consent plays a role in almost all modern privacy statutes. In some privacy statutes, like the GDPR, it can function as one of many lawful purposes to process data. In other privacy statutes, like the VCDPA and the CPA, it is mandated for certain types of data processing (e.g., sensitive category data processing). How consent…
What is de-identified data?
The terms “deidentified” and “deidentification” are commonly used in modern privacy statutes and are functionally exempt from most privacy- and security-related requirements. As indicated in the chart below, differences exist between how the term was defined in the California Consumer Privacy Act (CCPA) and how it was defined in later state privacy statutes set to…
Under the Colorado Privacy Act, will companies be required to offer consumers the ability to opt out of behavioral advertising if they have already received opt-in consent?
The Colorado Privacy Act, which is scheduled to go into effect in 2023, states that a consumer “has the right to opt out of the processing of personal data” for the purposes of “targeted advertising.”1 Unlike other state statutes, such as the CPRA, the Colorado Privacy Act does not contain an exemption for situations…
Oct. 21 Webinar | New Colorado Privacy Law, Effective July 2023: What Attorneys Need to Know
On Thursday, Oct. 21, David A. Zetoony, Co-Chair of the U.S. Data Privacy and Cybersecurity practice, will present the webinar “New Colorado Privacy Law, Effective July 2023: What Attorneys Need to Know.” On July 7, 2021, Colorado officially became the third state to pass broad consumer privacy legislation when Gov. Jared Polis signed the…
UPDATED FOR COLORADO: What is considered sensitive personal information?
Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not…
July 20 Webinar | The Colorado Privacy Act: What You Need to Know & How to Prepare
Join GT’s David Zetoony and Truyo’s Dan Clarke on Tuesday, July 20 at 11 a.m. EST (8 a.m. PST) for a webinar on the Colorado Privacy Act, the last state legislation to pass. The webinar will explore what the legislation entails and how you can prepare for the Colorado Privacy Act effective date.
Get…
Financial institution confusion: Are financial institutions fully exempt from the CCPA, CPRA, VCDPA, and CPA?
The Gramm–Leach–Bliley Act (GLBA) and its implementing regulations impose privacy requirements when financial institutions collect “nonpublic personal information about individuals who obtain financial products or services primarily for personal, family, or household purposes.”[1] GLBA does not apply, however, when a financial institution collects information about individuals “who obtain financial products or services for business,…
The Colorado Privacy Act: How Does it Stack Up Against the VCDPA?
Colorado is the third state, after California and Virginia, to get a comprehensive data privacy statute through its legislature. While the Colorado Privacy Act (CPA) awaits signature by Gov. Polis, businesses are assessing to what extent the CPA will impact their privacy programs.
The following provides a high-level cross-reference to help companies compare and contrast…