What is the Colorado Privacy Law?

Michael Buckbee
Published August 31, 2018
Last updated October 22, 2021

On September 1, 2018, the Colorado Protections for Consumer Data Privacy law, HB 18-1128, goes into effect. A bi-partisan group introduced HB 18-1128 in January, and after the usual negotiations, the Legislature passed it unanimously. The new Privacy Law provisions are part of the Colorado Consumer Protection Act (“CCPA”), in a continued effort to protect personal data.

Colorado is getting the message. Data privacy and security are important – and companies need to be held accountable.

What Data Does HB 18-1128 Protect?

The new Colorado legislation specifies exactly what kind of personal data companies need to track regarding Colorado residents. HB 18-1128 defines Personally Identifiable Information (PII) for Colorado residents as a first and last name in combination with any one or more of the following:

  • Social Security Number
  • Student, Military, or Passport ID number
  • Driver’s License Number
  • Medical Information
  • Health Insurance ID number
  • Biometric data
  • Username or email address with password and/or security questions and answers
  • Credit Card number with PIN, access code, or password

HB 18-1128 applies to Colorado residents, but any company that manages PII for Colorado residents needs to be aware of this new legislation.

How Long Do I Have to Report a Data Breach?

HB 18-1128 requires organizations to notify Colorado residents within 30 days of the discovery of a data breach where their PII was involved.

If there are more than 500 Colorado residents involved, companies have to notify the Colorado State Attorney General’s office. The law enables the Attorney General to prosecute violations of the new law.

What Else Does the Bill Say?

HB 18-1128 requires organizations to implement reasonable controls and safeguards to protect PII. If that sounds familiar, the EU GDPR, California, and Massachusetts have also used similar language to articulate that same idea – data security, especially on personal information, is super important.

What Can I Do To Comply With the New Colorado Privacy Law?

First, ask yourself about your company’s overall preparedness level to deal with a cyberattack.

Second, review best practices and recommended data security strategies outlined in resources like NIST and SANS – and determine how your company can apply these security principles.

Third, review your data breach procedures, and make sure you’ve got solutions in place to help identify PII, protect sensitive data, and detect potential security breaches.

The Varonis Data Security platform is the core of an effective data security strategy to protect your company from data breaches. Varonis discovers, identifies, and monitors PII on your core data stores, and detects (and alerts on) any abnormal or unlawful access to that data.

Get a 1:1 demo and learn how to discover where your Colorado-related PII lives and how to meet the new privacy laws. Get a head start on compliance with HB 18-1128 and protect your data wherever it lives.
