-
Colorado Privacy Act: CPA follows the template of Virginia, Utah, and Connecticut as opposed to the CPRA model
-
Exemptions under CPA: De-identified data, employee data, B2B, federally regulated industries
-
Consumer Rights: Right to opt out, access, correct, delete, portability, and understand what info businesses collect. Consumers must be given the option for universal opt-out consumers are required to opt-in for the collection and use of sensitive PI.
-
Business Obligations under CPA: Notice, Purpose, Security, Consent
-
Limited Right to cure till January 1, 2025, and no private right of action under the law
-
Timeline and status of the rules
-
Definition of terms
-
Universal opt of mechanism
-
Privacy Policy: what approach to follow
-
Consent: When and how you need to obtain consent; avoiding dark patterns
-
Profiling: transparency, opt-out, consent, DPAs
-
Data protection assessments: specific requirements and timings
-
Loyalty programs
