The Information Accountability Foundation wrote a blog outlining the unique requirements for data protection assessments under the Colorado Privacy Act. When Colorado regulations take force in July, covered entities must conduct assessments with first-of-their-kind obligations, according to IAF's analysis of assessment provisions in other domestic or global jurisdictions. IAF plans to launch "The Colorado Project," which will work to form a Colorado assessment template that considers "the breadth of parties to be considered and a description of what significant risk might entail."
Complying with Colorado's data protection assessment requirements
RELATED STORIES
Controllers, processors and subprocessors in chains
Notes from the IAPP Canada: Recommendations, calls to reform Privacy Act 'a good start'
A view from DC: Marriott and the minimum extent necessary
Retrospective: 2024 in state sectoral privacy law and AI law
Notes from the Asia-Pacific region: India's PM talks global governance for digital technology