Merudata white trans Logo-1


Colorado Privacy Regulations: What Businesses need to know

November 15, 2022


Register now

Points of Discussion

  • Colorado Privacy Act: CPA follows the template of Virginia, Utah, and Connecticut as opposed to the CPRA model

  • Exemptions under CPA: De-identified data, employee data, B2B, federally regulated industries

  • Consumer Rights: Right to opt out, access, correct, delete, portability, and understand what info businesses collect. Consumers must be given the option for universal opt-out consumers are required to opt-in for the collection and use of sensitive PI.

  • Business Obligations under CPA: Notice, Purpose, Security, Consent

  • Limited Right to cure till January 1, 2025, and no private right of action under the law

  • Timeline and status of the rules

  • Definition of terms

  • Universal opt of mechanism

  • Privacy Policy: what approach to follow

  • Consent: When and how you need to obtain consent; avoiding dark patterns

  • Profiling: transparency, opt-out, consent, DPAs

  • Data protection assessments: specific requirements and timings

  • Loyalty programs

About the Facilitators:


Greg Szewczyk

(Co-Leader of Privacy and Data Security Group at Ballard Spahr LLP)


Priya Keshav

Founder & CEO

Meru Data LLC