<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

A Guide to Privacy Impact Assessments for CPRA, CPA, and VCDPA

In the United States, assessments are quickly becoming one of the trending requirements of new legislation and proposed bills. CPRA, CPA, and VCDPA all have privacy impact assessment requirements, and as 2023 approaches rapidly organizations should be thinking about how to complete assessments, where to store them, and reporting on assessment outcomes.

All Posts

Colorado House Votes on SB190, Senate Reconciliation is Next

Updated 6/9/21 @ 11am: The Colorado Senate unanimously voted 34-0 on concurrence and final passage of SB190. It now heads to Gov. Polis, who will have 10 days to sign or explicitly veto it.CPA applies to businesses collecting data on more than 100,000 individuals, or those earning revenue from the data of more than 25,000 consumers. It includes standard data subject rights, an opt-out consent model with a universal opt-out mechanism, and a right to cure, all subject to normal AG rule-making and enforcement.

CPA is effective July 1, 2023 unless vetoed by the Gov. The biggest difference when compared to Virginia or CPRA is the broad requirement (with fewer exemptions) for data protection privacy assessments.

A more specific compliance issue Colorado presents, according to attorney David Zetoony, is the required data protection assessment. Such examinations are also required in the Virginia Consumer Data Protection Act, but Colorado does not exempt companies from these assessments like Virginia.

Original Post

The Colorado Privacy Act SB190 has passed the Colorado House of Representatives by a vote of 57-7. While the bill must return to the Senate for final reconciliation of amendments made by the House, it’s most likely. Unless the Governor vetos it, which is improbable, the amendments will be reconciled in the next few days.

There were minor updates to the definition of pseaudoanonymous data, how agents operate, and a modest narrowing of the scope - but most importantly there was clarification that it does not form a basis for private action.

All of the proposed amendments, according to Truyo president Dan Clarke, are more than reasonable and very unlikely to keep the Colorado State Senate from passing SB190. We have seen other state Houses propose amendments that alter bills in a way that makes it highly unlikely to pass the Senate vote. In this case, we anticipate that the United States will have another state with an omnibus privacy regulation when the session concludes.

 

Ale Johnson
About Ale Johnson
Ale Johnson is the Marketing Content Specialist at Truyo.
Recent Posts

A Guide to Privacy Impact Assessments for CPRA, CPA, and VCDPA

In the United States, assessments are quickly becoming one of the trending requirements of new legislation and proposed bills. CPRA, CPA, and VCDPA al...

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, ...

Log4J Vulnerability Update

At Truyo we take data privacy and security very seriously. Recently a security vulnerability was reported in the open-source Java library “Log4J” that...

Forrester Wave Announcement: Truyo Named Strong Performer

Report notes Truyo’s “management and fulfillment of individual privacy rights capabilities are some of the best in the market ” PHOENIX (Dec. 09, 2021...