On May 8, 2024, Colorado’s legislature enacted “An Act Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (SB205), a state law that comprehensively regulates the use of certain “Artificial Intelligence (AI)” systems.[1] The law is aimed at addressing AI bias, establishing a requirement of human oversight throughout the life cycle of

Greenberg Traurig Data Privacy & Cybersecurity attorneys David A. Zetoony, Co-Chair of the U.S. Data Privacy and Cybersecurity Practice, and Andrea C. Maciejewski will participate in the Rocky Mountain Information Security Conference June 7-9 in Colorado. On June 7 at 8:00 a.m. MDT, David and Andrea will present the International Privacy Law Update during

Several modern state data privacy statutes refer to precise geolocation information as a “sensitive” category of personal information. What constitutes precise geolocation information differs slightly between and among states. The following table provides a side-by-side comparison of the how the states have defined the term.

Click here for a side-by-side comparison of the how the

Most modern state data privacy laws exempt from their definition of personal information “publicly available information.” What constitutes publicly available information differs between state privacy laws and may not correlate to the lay definition understood by many businesses and individuals. For example, while some businesses may consider information available on the internet “publicly available information

Modern state privacy laws have attempted to carve out organizations that process de minimis amounts of personal information, or whose business activities do not monetize data. The specific thresholds used, however, differ between states. The following provides a comparison of the thresholds that each statute creates for organizations that are subject to regulatory compliance obligations:

The Colorado Privacy Act, which is scheduled to go into effect in 2023, states that a consumer “has the right to opt out of the processing of personal data” for the purposes of “targeted advertising.”1 Unlike other state statutes, such as the CPRA, the Colorado Privacy Act does not contain an exemption for situations

On Thursday, Oct. 21, David A. Zetoony, Co-Chair of the U.S. Data Privacy and Cybersecurity practice, will present the webinar “New Colorado Privacy Law, Effective July 2023: What Attorneys Need to Know.” On July 7, 2021, Colorado officially became the third state to pass broad consumer privacy legislation when Gov. Jared Polis signed the

The Gramm–Leach–Bliley Act (GLBA) and its implementing regulations impose privacy requirements when financial institutions collect “nonpublic personal information about individuals who obtain financial products or services primarily for personal, family, or household purposes.”[1] GLBA does not apply, however, when a financial institution collects information about individuals “who obtain financial products or services for business,

Colorado is the third state, after California and Virginia, to get a comprehensive data privacy statute through its legislature. While the Colorado Privacy Act (CPA) awaits signature by Gov. Polis, businesses are assessing to what extent the CPA will impact their privacy programs.

The following provides a high-level cross-reference to help companies compare and contrast