Colorado State Capitol. (Photo: Jeff Zehnder/Shutterstock)
Colorado Gov. John Hickenlooper last week signed bipartisan bill HB18-1128, "Protections for Consumer Data Privacy," officially setting in place some of the most stringent requirements for personal information data disposal and data breach notification in place in any U.S. state.
|30-day notification window
The new law requires organizations to maintain a policy for disposing documents with consumer data and notify Colorado residents of any potential personal information exposure no later than 30 days after discovering a data breach. The 30-day notification window does not provide for any specific exemptions and is the shortest of any state.
Recommended For You
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Gabrielle Orum Hernández
Gabrielle Orum Hernández is a reporter with Legaltech News and the Daily Report covering legal technology startups and vendors. She can be reached by email at [email protected], or on Twitter at @GMOrumHernandez.
