Colorado Governor Signs Data Protection Bill into Law

by | Jun 5, 2018

In Colorado bill HB 1128 has been signed into law by Governor John Hickenlooper. This bill enhances security for consumer data in the state of Colorado. The bipartisan bill, sponsored by Reps. Cole Wist (R) and Jeff Bridges (D) and Sens. Kent Lambert (R) and Lois Court (D), was unanimously passed by the Colorado State Legislature. The bill will take become enforceable on September 1, 2018.

From that date organizations conducting business the state of Colorado must adapt reasonable security measures and practices to ensure the personal identifying information (PII) of state residents is secured. The bill also minimizes the time for making the state attorney general aware of  breaches of PII and sets in places new rules for disposing of PII when it is no longer needed.

Personal information is classified as first name and last name or first initial and last name along with any of the following data elements (when not encrypted, redacted, or safeguarded by another means that renders the information unreadable):

  • Social Security details
  • Student Identification number
  • Military ID information
  • Passport credentials
  • Driver’s license number or ID card
  • Medical info and history
  • Health insurance policy number
  • Biometric data
  • Email addresses along with passwords or security Q&As
  • Banking account numbers, and credit cards and debit cards with associated security codes that would grant access/use

Covered organizations must implement and maintain “Reasonable security procedures and practices that are appropriate to the nature of the personal identifying information and the nature and size of the business and its operations.” Those tactics should protect PII from unauthorized access, amendment, disclosure, and destruction. In cases where PII is shared to a third party, the covered body must ensure the third party also has reasonable security measures established.

A written policy must be developed by all firms that manage the personal data of Colorado citizens covering the disposal of that information when it is no longer needed. Electronic data and physical documents listing PII must be disposed of securely. The bill implies that  “shredding, erasing, or otherwise modifying the personal identifying information in the paper or electronic documents to make the personal identifying information unreadable or indecipherable through any means.”

 

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy