Colorado lawmakers have introduced legislation that would change how personally identifiable information is protected, transferred, secured and disposed of under state law, the National Law Review reports. The bipartisan legislation would also expand the umbrella of what is covered under the state’s breach notification law and add additional requirements for companies that suffer a data breach. Under the legislation, entities would also have to notify the attorney general of “any unauthorized acquisition of unencrypted or encrypted computerized data that compromises the security, confidentiality, or integrity of personal information maintained by an individual or commercial entity.” Organizations would need to make that notification “as soon as practicable but not later than seven days after discovery of the unauthorized acquisition of data if such unauthorized acquisition affected or is reasonably believed to have affected five hundred Colorado residents or more.”
Full Story
Comments
If you want to comment on this post, you need to login.