The Colorado Privacy Act comes into effect on July 1, 2023, so businesses are going to need to learn the law and assess the data types, data uses, and data processing activities within their operational processes and products to ensure their current practices can support the law.
To help companies in this endeavor, today we’re releasing our Colorado Privacy Act module, which joins our suite of privacy law compliance modules for GDPR, CCPA/CPRA, and VCDPA compliance. With the CPA module enabled an out-of-the-box taxonomy provides intelligent rulesets and workflows for the CPA and automatically analyzes the inputs from past product launches to power recommendations that ensure you stay in compliance – without ever having to refer back to the law.
About the CPA
The CPA gives consumers the right to access their data, obtain a copy of their personal data, and request that their personal information be deleted by businesses. It also requires companies to conduct data protection assessments related to processing personal data for targeted advertising and sales purposes. The CPA applies to persons who “conduct business” in the Commonwealth or produce products or services that are “targeted” to residents of Colorado.
If you’re doing business in Colorado, you may be within the law’s scope. You need to satisfy one of two requirements for CPA to apply to you, those are:
If you control or process the personal data of at least 100,000 consumers in a calendar year, or, if you process the personal data of at least 25,000 consumers and gain more than 50% of your gross annual revenue from selling that data.
Companies should plan to take an inventory of the data they hold that may be considered “sensitive” under the CPA, as well as the context in which it was collected or processed. That’s because the CPA requires opt-in consent before processing sensitive data, which it defines as, data that reveals:
- Racial or ethnic origin
- Religious beliefs
- A mental or physical health condition or diagnosis
- Sex life or sexual orientation
- Citizenship status,
- Genetic and biometric information
- Children’s data
How does TerraTrue help me comply with CPA?
Our CPA module is purpose-built to guide companies along the path to compliance expertly. Our system uses structured data, which uniquely allows us to automatically analyze past launch information like data types, data uses, and org info to provide customers a curated set of recommendations that will help them identify what they may need to take action on to comply with the CPA.”
Our structured data approach saves teams from the slow, inefficient, and error-prone process of manual gap analysis. Without it, you’re digging through old privacy reviews by hand, examining them individually, and cross-checking your privacy practices with the CPA’s new requirements. Even in smaller organizations, a full gap analysis can sprawl across thousands of pages of documentation that must be mapped and tracked across all of their databases and tools.
TerraTrue’s CPA module automates most of this work. Documenting existing data protocols is quick, taking just a few minutes for each privacy review. Then the platform automatically scans a company’s entire privacy program and creates a prioritized list of recommendations — the expert-guided path to CPA compliance.
Run privacy reviews that get simpler over time
TerraTrue gets smarter the more teams use it, so completing privacy reviews for new products, features, and business initiatives get simpler and more efficient over time. Does a business work with sensitive data types like citizenship, immigration status, or biometric data? Does it require users to create online accounts? Does the HR department retain contact information for job applicants or past employees? TerraTrue learns about a company’s privacy practices every time a privacy review is completed — meaning its recommendations get better and reviews get simpler as teams go.
Get real-time guidance on shifting regulations
TerraTrue helps teams stay on top of regulatory changes as they happen. TerraTrue’s CPA module accounts for incoming regulations, court decisions, and enforcement interpretations, so companies can stay up to date without getting bogged down in research. That means they’ll get the confidence of expert guidance without spending huge amounts of time and money deciphering and interpreting new rules.
Read more on our blog
To dive deeper into what’s changed with CPA, read more >