New Colorado Data Protection Law – Another Reason to Act
June 14, 2018
On May 29, the Colorado state legislature passed House Bill 18-1128, giving organizations doing business there yet another reason to make sure they’re properly destroying any and all personally identifying information (PII).
Besides expanding the definition of PII, and refining the state’s data breach notification requirements, the new law states that covered entities must develop and/or maintain a written policy for the destruction of any electronic or paper documents containing PII, It also states that covered entities must take measures to protect PII shared with to third-party service providers by requiring them to implement and maintain security procedures, including incident reporting, written policies, employee training and breach reporting (to the covered entity).
This should come as welcome news to NAID members versed in the use of the NAID Compliance Toolkit, who can now point to this state law when discussing their ability to help their clients (and prospects) achieve compliance. And, because customers must now proactively verify such measures are in place, NAID AAA Certified services will now have a clear advantage.
According to NAID CEO Bob Johnson, the new law is important insofar as it provides another way to demonstrate value to clients and prospects.
“If we know anything, it is that data protection laws only get stronger,” said Johnson. “When that happens, it is up to us to seize the opportunity to demonstrate our value. It gives us a reason to contact them.”