David M. Stauss and Gregory Szewczyk of Ballard Spahr write:
A bipartisan group of Colorado legislators proposed legislation that, if enacted, would significantly change the requirements for how Colorado entities protect, transfer, secure, and dispose of documents containing “personal identifying information” (PII). The proposed legislation also would expand the types of information covered by the Colorado Breach Notification Law and result in additional requirements for companies that have suffered a data breach, such as a 45-day deadline to provide notice to affected individuals.
Read more on National Law Review. This bill, if enacted, would provide much stronger protections for consumers. Take a look at it, and if you’re in Colorado, you might want to contact your legislator and express your enthusiasm for it.
Thanks to the reader who pointed me to this article.