New Colorado Breach Notification Rules Signed Into Law

Colorado has enacted a new data breach notification law that contains some of the most stringent requirements in the US.

Dark Reading Staff, Dark Reading

June 7, 2018

1 Min Read
Dark Reading logo in a gray background | Dark Reading

If your company has customers in Colorado, get ready to revamp your policies notifying victims of a data breach. Last week, Gov. John Hickenlooper signed into law requirements for notification that are the most stringent in the nation.

Under the new law, if an individual's personal information is part of a breach, he must be notified within 30 days after discovery — no exceptions. In addition, the law, passed with bipartisan support, broadens the definition of personally identifying information to including health care and financial data.

The new notification requirement will have a special impact on organizations that must notify individuals of a HIPAA breach because it takes precedence over the federal 60-day notification window.

Notification requirements include telling affected individuals which data was released and the estimated data of the breach.

For more, read here.

 InSecurityvplug-368592_DR18_DR-VE-Logo-Signature.png

Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. 

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights