David M. Stauss and Gregory Szewczyk of Ballard Spahr LLP write:
As we first reported in our January 22, 2018, alert, the Colorado legislature is considering legislation that, if enacted, would significantly change Colorado privacy and data security law. On Wednesday, February 14, 2018, the bill’s sponsors submitted an amended bill that addresses issues raised by numerous stakeholders, including Ballard Spahr. The amended bill also was heard before the House Committee on State, Veterans, and Military Affairs, where it was unanimously approved.
The most significant changes are highlighted below.
Read more on The National Law Review. And yes, read more, as the state statute has some interesting overlap but also differences between the proposed state law and HIPAA and GLBA. And if adopted, HIPAA-covered entities would no longer have a 60-day window from discovery to notify – they might have only 30 days.