Search
Close this search box.
colorado privacy act graphic

Colorado Privacy Act – Rocky Mountain Regulations

Colorado has joined California and Virginia to become the third U.S. state to pass comprehensive data privacy legislation.  The new law, which went into effect on July 1, 2023, borrows in part from the European Union’s General Data Protection Regulation, but more significantly from both the California Consumer Privacy Act, including as amended by the California Privacy Rights Act, and the Virginia Consumer Data Protection Act. Unlike those state laws, the Colorado law does not exempt nonprofit organizations. 

What is CPA?

The Colorado Privacy Act (CPA) is a state law that gives consumers the right to know what personal information is being collected about them, why it is being collected, and how it will be used. The CPA also gives consumers the right to control how their personal information is used and to remove their personal information.

Who Should Care?

The CPA applies to any organization that controls or processes personal data regarding 100,000 Colorado consumers or derives revenue or receives a discount on the price of goods or services from the sale of personal data and processes the personal data of 25,000 Colorado consumers or more. The CPA defines ‘consumers’ as Colorado residents acting in their individual or household contexts. Excluded from that definition are individuals acting in a commercial or employment context. For nonprofit organizations “consumers” includes donors and visitors to their websites. 

What Consumer Rights Are Granted By the CPA?

The CPA grants Colorado consumers various privacy protection rights related to their personally identifiable information, and the opportunity to learn more about the types of data being collected, shared, and sold. These rights include:

  • The right to opt out of the sale of personal data.
  • The right to opt out of the collection or use of personal data for targeted advertising or various types of profiling.
  • The right to know whether an organization is processing or collecting their personal data.
  • The right to access personal data an organization has collected.
  • The right to delete personal data an organization has collected.
  • The right to correct the data an organization has collected.
  • The right to download a copy of their personal data.
  • The right to transfer their data from one platform to another (up to two times per year).

How Can My Organization Comply with CPA?

To comply with the CPA, organizations must provide consumers with clear privacy notices and conduct data protection assessments for any personal data processing that presents a heightened risk of harm to consumers. What qualifies as a “heightened risk” is not clearly delineated, however. Generally speaking, organizations which are subject to the CPA should:

  • Update their privacy policy to address the CPA requirements, including the “categories” of personal data processed. 
  • Update their contracts with third parties (i.e., anyone that “processes” personal data on their behalf) to ensure that they comply with the CPA. The CPA requires that these contracts include (i) processing instructions, including the nature and purpose of the processing; (ii) the type of personal data and duration of the processing; and (iii) obligations to delete or return all personal data at the end of the services period.
  • Ensure that they are implementing appropriate physical, organizational and technical cybersecurity safeguards and depending on the nature and use of the data collected, conduct a data-protection assessment.
  • Create a process to allow consumers to submit requests and receive information regarding their use of consumers’ personal data. Generally, organizations have 45 days to respond to such requests. 
  • Provide clear and conspicuous notice of the right to opt out of targeted advertising and sales of personal data. 
  • Establish the technical specifications of a user-selected universal opt-out mechanism by July 1, 2024. 
  • Obtain consumers’ informed consent before collecting sensitive data. 
  • Establish a procedure to determine when to conduct a data protection assessment.

Universal Opt-Out 

In an interesting twist, the CPA will make Colorado the first state to explicitly require companies to honor a universal opt-out signal. Starting July 1, 2024, organizations must allow individuals to opt out of targeted advertisements and/or the sale of personal data through a universal opt-out mechanism that meets the technical specifications established by the State Attorney General (AG).  I’ll explore this in detail in a future article. 

Conclusion 

While many of the rights and obligations set forth in the CPA should be familiar to organizations that process personal data, the CPA includes some additional requirements not seen in the other state data privacy laws. These include new consent requirements regarding sensitive data and a universal opt-out, as well as requirements around data processing and data privacy.  Organizations should review their data privacy policies and procedures with legal counsel to ensure compliance with the CPA.

Share this Post

Related Posts

perlman & perlman philanthropic sector law firm blue logo

click to exit page

silk lanterns

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

A.B. Data
AB InBev Foundation
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Americans for Ben Gurion University
Association of Fundraising Professionals
Avalon Consulting
Baton Rouge Area Foundation
Black Lives Matter Global Network Foundation
Bleeding Blue for Good Fund
Bradley Cooper’s One Family Foundation
BrightFocus Foundation
Brooks Brothers
Chadwick Boseman Foundation for the Arts
Changing Our World
Charity Defense Council
Christian Appalachian Project
Doctors of the World/ Medecins du Monde
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Estee Lauder Companies, Inc.
Feed The Children
Food For The Poor
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Hope for New York
International Campaign for Tibet
International Crisis Group
International Justice Mission
J. Crew Group
Johns Hopkins University
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law

LSU Foundation
Marts & Lundy
Meyer Partners, LLC
Milken Institute
NAACP Foundation
National Alliance on Mental Illness (NAMI)
National Marrow Donor Program
National Park Foundation
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
PopSockets
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rockefeller Philanthropy Advisors
Save the Children Federation
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Subaru of America
The Little Market
Touro University
United States Equestrian Team Foundation
United Way Worldwide
University of Connecticut
University of Virginia
Vote.org
Whitney Museum of American Art
World ORT
World Wildlife Fund
YWCA USA

A.B. Data
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Americans for Ben Gurion University
Association of Fundraising Professionals
Baton Rouge Area Foundation
BrightFocus Foundation
Burger King McLamore Foundation
Cancer Care
Carnegie East House and James Lenox House Association
Center for Car Donations
Changing Our World
Charity Defense Council
Christian Appalachian Project
Coca-Cola Scholars Foundation
Convoy of Hope
Cornell University
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Feed The Children
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Helen Keller Services
Hope for New York
Human Rights Watch
Humane Society of US
Indiegogo
International Campaign for Tibet
International Crisis Group
International Justice Mission
Japanese American National Museum
Johns Hopkins University
Lane Bryant Charities
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law
LSU Foundation
Mattel
Meyer Partners, LLC
Milken Institute
National Breast Cancer Coalition
National Marrow Donor Program
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Obama Foundation
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rock and Roll Hall of Fame and Museum
Rockefeller Philanthropy Advisors
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Steinhardt Foundation
Subaru of America
United States Equestrian Team Foundation
University of Montana Foundation
University of Nevada, Las Vegas Foundation
Whitney Museum of American Art
World ORT
World Wildlife Fund
YMCA USA
YWCA of New York City
YWCA USA

perlman & perlman philanthropic sector law firm blue logo

click to exit page

news & events

Our attorneys’ recent contributions to the media and nonprofit sector publications.

news & events

Check out our attorneys’ recent contributions to the media and industry publications.

Secure Your Data – Seriously, AFP New York Chapter News
As Jon Dartley, a data privacy and security attorney at Perlman and Perlman says, “It is vital to have the appropriate legal terms in the contract to protect your interests.”  Find out what your liability limit is.  Have it in writing who bears the responsibility and cost of a data breach.  And, have the vendor agree on a specific timeframe within which they need to advise you of a data breach.

Warning: Don’t Cut Legal Corners When Mixing Social And Business Impact,  Forbes
Particularly striking is that (Karen) Wu believes this is the “first multi-state regulatory activity involving cause marketing in almost two decades.”

Is stealing, then giving back, OK?
Cliff Perlman lends his advice on theft within a nonprofit.

Buyer Beware: Negotiating Terms in Technology Agreements
Jon Dartley provides tips on negotiating contracts with technology vendors.

Four Ways Charitable Giving Could Change with a Tax Overhaul
Cliff Perlman remarks on the possible threat of a change to charitable deduction.

How To Deal With Residual Data, Nonprofit Times
Jon Dartley’s advice on addressing “data exhaust”.

Secure Your Data – Seriously, AFP New York Chapter News
As Jon Dartley, a data privacy and security attorney at Perlman and Perlman says, “It is vital to have the appropriate legal terms in the contract to protect your interests.”  Find out what your liability limit is.  Have it in writing who bears the responsibility and cost of a data breach.  And, have the vendor agree on a specific timeframe within which they need to advise you of a data breach.

Warning: Don’t Cut Legal Corners When Mixing Social And Business Impact,  Forbes
Particularly striking is that (Karen) Wu believes this is the “first multi-state regulatory activity involving cause marketing in almost two decades.”

Is stealing, then giving back, OK?
Cliff Perlman lends his advice on theft within a nonprofit.

Buyer Beware: Negotiating Terms in Technology Agreements
Jon Dartley provides tips on negotiating contracts with technology vendors.

Four Ways Charitable Giving Could Change with a Tax Overhaul
Cliff Perlman remarks on the possible threat of a change to charitable deduction.

How To Deal With Residual Data, Nonprofit Times
Jon Dartley’s advice on addressing “data exhaust”.

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

silk lanterns

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

A.B. Data
AB InBev Foundation
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Association of Fundraising Professionals
Avalon Consulting
Baton Rouge Area Foundation
Black Lives Matter Global Network Foundation
Bleeding Blue for Good Fund
Bradley Cooper’s One Family Foundation
BrightFocus Foundation
Brooks Brothers
Chadwick Boseman Foundation for the Arts
Changing Our World
Charity Defense Council
Christian Appalachian Project
Doctors of the World/ Medecins du Monde
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Estee Lauder Companies, Inc.
Feed The Children
Food For The Poor
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Hope for New York
International Campaign for Tibet
International Crisis Group
International Justice Mission
J. Crew Group
Johns Hopkins University
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law
LSU Foundation

Marts & Lundy
Meyer Partners, LLC
Milken Institute
NAACP Foundation
National Alliance on Mental Illness (NAMI)
National Marrow Donor Program
National Park Foundation
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
PopSockets
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rockefeller Philanthropy Advisors
Save the Children Federation
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Subaru of America
The Little Market
Touro University
United States Equestrian Team Foundation
United Way Worldwide
University of Connecticut
University of Virginia
Vote.org
Whitney Museum of American Art
World ORT
World Wildlife Fund
YWCA USA

A.B. Data
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
American Rivers
Association of Fundraising Professionals
Baton Rouge Area Foundation
BrightFocus Foundation
Burger King McLamore Foundation
Cancer Care
Carnegie East House and James Lenox House Association
Center for Car Donations
Changing Our World
Charity Defense Council
Christian Appalachian Project
Coca-Cola Scholars Foundation
Convoy of Hope
Cornell University
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Feed The Children
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Helen Keller Services
Hope for New York
Human Rights Watch
Humane Society of US
Indiegogo
International Campaign for Tibet
International Crisis Group
International Justice Mission
Japanese American National Museum
Johns Hopkins University
Lane Bryant Charities
LSU Foundation
Mattel
Meyer Partners, LLC
Milken Institute
National Breast Cancer Coalition
National Marrow Donor Program
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Obama Foundation
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rock and Roll Hall of Fame and Museum
Rockefeller Philanthropy Advisors
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Steinhardt Foundation
Subaru of America
United States Equestrian Team Foundation
University of Montana Foundation
University of Nevada, Las Vegas Foundation
Whitney Museum of American Art
World ORT
World Wildlife Fund
YMCA USA
YWCA of New York City
YWCA USA
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

Culture & Values

Vision

We view our clients as partners that share our commitment to bring about change in the world. Our goal is to provide them the peace of mind of knowing that they are in compliance with their legal obligations and to further empower them to achieve positive social impact and financial success.

Our Mission

Our mission is to provide the highest quality, integrity-driven legal services to our clients, using a practical, consultative, client-focused approach to identify and respond to problems and challenges.

We strive to maintain a culture characterized by respect, opportunity, diligence, mutual empowerment, entrepreneurship, and fair reward for efforts made on behalf of clients and the firm.

Perlman & Perlman is a Certified B Corporation

Certified B Corporations use the power of business to solve social and environmental problems. B Corps are unlike traditional businesses because they

  • Meet comprehensive and transparent social and environmental performance standards
  • Meet higher legal accountability standards
  • Build business constituency for good business