<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

Human Error: The Pitfalls of Manual SAR Response

In the age of information, organizations have increased the amount of consumer data housed in structured and unstructured environments. As consumers become increasingly aware of this and what their rights are under current and future legislation, the number of data subject access requests is increasing. According to Automated Intellegence, “A body which represents UK data protection officers has reported that there’s been a 66% increase in the average number of DSARs received” (Automated Intelligence, 2021)”

All Posts

The Colorado Privacy Act Has Passed, What's Next?

It is official - Governor Jared Polis has signed the bill making the Colorado Privacy Act the latest enacted state legislation, joining California and Virginia. But what are we going to see out of the Colorado Privacy Act that's different from CCPA and CDPA? 

  • There are no revenue thresholds as seen in other legislation. A company must adhere if it "controls or processes the personal data of at least 100,000 consumers" or "derives revenue or receives a discount on the price of goods or services from the sale of personal data and processes or controls the personal data of 25,000 consumers or more."
  • The sale of consumer data, in the Colorado Protection Act, is defined as “the exchange of personal data for monetary or other valuable consideration by a controller to a third party" much like the CCPA. 
  • Consumers are protected if "acting in an individual or household context," but are excluded if qualified as a consumer through "a commercial or employment context, as a job applicant..."
  • Exemptions are detailed, but a full exemption is not provided for health care controllers with HIPAA information.
  • Data controllers have a duty of transparency, purpose specification, data minimization, to avoid secondary use, a duty of care, to avoid unlawful discrimination, a duty regarding sensitive data. Click here to learn more about controller duties. 
  • The Colorado Privacy act addresses consumer data protection by saying controllers cannot perform an activity “that presents a heightened risk of harm to a consumer without conducting and documenting a data protection assessment of each of its processing activities.” 

This last bullet point is going to present a large task to organizations with the requirement of impact assessments. "Companies who aren't already doing this under the GDPR are not going to have the tools and knowledge necessary to complete these yet," says Dan Clarke, President of Truyo. That's why we've created our Privacy Impact Assessment tool to help organizations prepare for this Colorado Privacy Act requirement that can be overwhelming.

Truyo recommends that you start preparing for this requirement sooner than later. If you are already a Truyo customer, reach out to your Truyo representative or email hello@truyo.com to add this service. If you are not yet a Truyo client, click here to learn more. 

Ale Johnson
About Ale Johnson
Ale Johnson is the Marketing Content Specialist at Truyo.
Recent Posts

Human Error: The Pitfalls of Manual SAR Response

In the age of information, organizations have increased the amount of consumer data housed in structured and unstructured environments. As consumers b...

Amazon’s Record-Setting Privacy Fine: What You Need to Know

Last month Amazon was hit with the highest personal data fine to date. A whopping $886.6 million (746 million euros) fine was levied against the corpo...

Say Hello to House Bill 376, the Proposed Ohio Personal Privacy Act

Ohio is joining the likes of Massachusetts, New York, and Texas by introducing a privacy bill. The Ohio Personal Privacy Act (House Bill 376) would ap...

The Colorado Privacy Act Has Passed, What's Next?

It is official - Governor Jared Polis has signed the bill making the Colorado Privacy Act the latest enacted state legislation, joining California and...