• Skip to primary navigation
  • Skip to main content

American Cyber Security Management

Secure and certify all your data and processes

  • LinkedIn
  • Twitter
  • YouTube
  • Services
    • MSP/MSSP
    • Privacy
    • Security
    • ISO/IEC 27001:2022 Training & Certification
    • Secure DevOps
    • InfoSec Risk Management
    • Incident Response Planning
    • Artificial intelligence Readiness Offering
    • AppSec-as-a-Service
    • CISO As A Service
    • DPO As A Service
    • Security Monitoring
    • Security Operations
    • Awareness Training
  • Frameworks
    • CPA
    • CCPA/CPRA
    • GDPR
    • ISO 27001:2022
    • NIST 800-171
    • NIST 800-53
    • US Privacy Laws
  • News
  • Careers
    • DPO
    • CISO
  • Partners
  • About Us
    • Privacy Notice
    • Cookie Policy
  • Contact Us

Colorado Privacy Act (CPA) is now in effect, What you need to know!

August 1, 2023 By American Cyber Security Management

In the rapidly evolving landscape of data privacy, staying abreast of new regulations is vital for businesses. The Colorado Privacy Act (CPA), a recent addition to this landscape, has significant implications for businesses, and it is now in effect as of July 1, 2023! Does this apply to your business?

The CPA has specific criteria for applicability. It pertains to legal entities (Companies) that:

  • Conduct business or produce commercial products or services for Colorado residents.
  • Control or process personal data of at least 100,000 consumers per calendar year or,
  • Derive profit from the sale of personal information of 25,000 or more Colorado residents.

Failure to comply with the CPA can lead to civil penalties, emphasizing the importance of understanding and adhering to this law.  In the complex world of data privacy, ensuring your business is CPA-compliant is a crucial step.

This law specifies certain rights that Colorado citizens have and can use against these businesses. Colorado citizens can:

  • Opt-out of data processing for targeted advertising, sale, or profiling
  • Access their data that has been collected
  • Correct their data if it is incorrect or out of date
  • Request the deletion of their data
  • Obtain a portable copy of the data, or have it transferred to another business

The Colorado AG’s Office will enforce this regulation and offending businesses will be given 60 days in which to comply, otherwise fines or criminal charges could be brought.

 Resources:

  • Our Blog at https://www.americancsm.com/news/
  • ISSA Denver Privacy Special Interest Group Events – https://www.denverissa.org/events
  • IAPP KnowledgeNet Denver Events – https://www.linkedin.com/groups/12025846/
  • ACSM CPA-Readiness Assessment – https://www.americancsm.com/cpa-readiness-offering/

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation. https://www.americancsm.com

Filed Under: Cyber Security News

  • ISSA
  • ISACA
  • ISC2
  • IAPP
  • CSA
  • CIS
  • Privacy Notice
  • Cookie Policy
  • Services
  • Frameworks
  • News
  • Careers
  • Partners
  • About Us
  • Contact Us

Copyright © 2025 American Cyber Security Management