Colorado has a new state privacy law that will take effect July 1, 2023. Anyone living in Colorado, conducting business with Colorado residents, or operating a business in Colorado will have to comply with the Colorado Privacy Act (CPA). In addition to giving consumers rights and protections over their data, the regulation requires companies to be accountable to their consumers and implement protections over consumer data. The CPA is a comprehensive data privacy law akin to the California Consumer Privacy Act (CCPA).
Will your organization be affected? Are you ready to meet the requirements?
What’s Inside:
- Summary of the requirements and who is affected
- Recommendations for first steps to prepare for the new law
- Key compliance issues, thresholds invoking requirements, and summary of consumer rights
- Questions to help your organization prepare to comply with the new requirements
Why It Matters
Companies doing business in Colorado, or with customers in Colorado, must begin now to examine their processes and systems in preparation for the privacy law. This article provides some background and questions to get you started.

Brian Thomas
National Practice Leader, Advisory Services
Brian Thomas, CISA, CISSP, QSA, has more than 20 years of experience in management consulting,…

Brett Nabors
Partner, IT Advisory Services
For more than 15 years, Brett Nabors, CISA, CCSK, CDPSE, CMMC RP, has assisted organizations as an internal…

Trip Hillman
Partner, IT Advisory Services
Trip Hillman, CISSP, CISA, CEH, GPEN, GCFE, GSNA, has more than a decade…