The popularity of the internet makes it easier for businesses to reach their target audience. When customers avail of products or services, the company collects, processes, and stores their data. Although most sites have their data policy, it may not always be clear or easy to understand for users. So, they often end up agreeing to something they don’t fully understand.
The Colorado Privacy Act answers this concern. It may not take effect until July 21, 2023. Still, all companies it covers should start reviewing their privacy or data policy as early as now and update whatever needs to be updated to ensure compliance with the law. The Colorado organizations and individuals included in the act are:
- Those that process or control data of 100,000 consumers or higher per year.
- Those that earn from selling personal data with 25,000 consumers or higher per year.
Understanding the content of the act helps prepare your business better for its rollout. Below are the consumer privacy rights that it covers:
- Access to personal data.
- Opt out from processing their data.
- Correct or delete their data.
- Get a copy of their data.
Moreover, the act wants businesses to provide various options for consumers to opt out easily from having their data sold to other companies or organizations or used for targeted advertisements. It’s also something you need to consider to ensure you wouldn’t have problems when they start implementing the rules. As a company that uses the data of consumers and falls under the act, you have the following obligations:
- Give a privacy notice to consumers clearly stating what data you will collect and how you will use it. It should also say if you will share the data with third parties and which third parties those are. Consumers should also know how and where to practice their privacy rights.
- Data collection should be appropriate to its purpose.
- Process data only for its intended purpose unless the consumers consent to its use for other means.
- Ensure data is safe from unauthorized access.
- Get consent for processing sensitive information.
- Assess the risk of processing data that may harm consumers.
- Do not process data that violates laws on unlawful discrimination against consumers.
If your business is included in those impacted by the Colorado Privacy Act, review your data policy as early as now and make the necessary changes for compliance.