The Information Accountability Foundation wrote a blog outlining the unique requirements for data protection assessments under the Colorado Privacy Act. When Colorado regulations take force in July, covered entities must conduct assessments with first-of-their-kind obligations, according to IAF's analysis of assessment provisions in other domestic or global jurisdictions. IAF plans to launch "The Colorado Project," which will work to form a Colorado assessment template that considers "the breadth of parties to be considered and a description of what significant risk might entail."
Complying with Colorado's data protection assessment requirements
Related stories
Notes from the IAPP Canada: Building momentum during Privacy Awareness Week
A view from DC: US Senate hearing gives a preview of AI on Cruz control
A view from Brussels: From coal and steel in 1950, to cybersecurity and AI in 2025
Notes from the Asia-Pacific region: OPC releases draft guidance on Privacy Act amendment
Mirror, mirror: Navigating privacy and AI compliance with digital clones
