Colorado Privacy Act Consulting
If you need help getting ready for the Centennial State’s new privacy law, you’re not alone. Red Clover Advisors is here to help you make it all make sense.
If you need help getting ready for the Centennial State’s new privacy law, you’re not alone. Red Clover Advisors is here to help you make it all make sense.
When the European Union passed the General Data Protection Regulation (GDPR), it was the first major comprehensive consumer privacy law in the world.
The GDPR became effective in 2018, and since then, countries and consumers have continued to demand changes to the way companies collect and process personal data online.
Unlike the European Union, the United States does not have a federal digital data privacy law that is enforceable across all 50 states. Instead, the US has opted for a fractional approach, creating a patchwork of privacy regulations that vary from state to state.
In 2018, the first US data privacy law, the California Consumer Privacy Act (CCPA), took our country’s data privacy from zero to 60.
California also closed CCPA loopholes by passing another law, the California Privacy Rights Act (CPRA), before other states could even get a law on the books. But in early 2021, the Virginia General Assembly passed the Consumer Data Protection Act (VCDPA) and Virginia became the second state to protect consumer privacy.
The June 2021 Colorado Privacy Act (CPA) borrows from both the California and Virginia laws, but it also has a few original contributions to the US privacy patchwork.
Many businesses view privacy as an expensive cost center. That’s not accurate. Here’s why:
Creating an effective privacy program shows your customers you mean it when you say you care about them by putting your money (and your resources and your focus) where your mouth is.
If you center privacy as part of a customer experience and retention strategy, you’ll meet an unmet need, strengthen customer loyalty, and outperform your competition—all without changing a single product.
Here’s the skinny on the who, what, and how of the CPA.
Entities that conduct business in Colorado OR produce products or services intentionally targeted to Colorado residents AND
(Unlike the CCPA and the VCDPA, there are no thresholds for either annual revenue or percent of revenue derived from the sale of data)
(Unlike the CCPA, but similar to the VCDPA, there is no private right of action for consumers)
But trust us. Meeting these regulatory requirements is easier than you think. Doing it might even make your operations more efficient and effective.
RCA’s privacy consulting services can give you what you need within your budget and your timeline.
The CPA goes into effect on July 1, 2023, which means that time is on your side.
But only if you start now.
Here are five steps you can start on today. To learn more, download our full guide to CPA compliance.
You can’t protect what you don’t understand.
If you don’t want to have to redo the program and processes you create, you have to know everything about your data, including:
We can map your data by following it through its entire lifecycle in your system. And if you already have compliance software, we have the expertise needed to maximize its capabilities.
Data mapping almost always reveals vulnerabilities in your data infrastructure. Whether the risk comes from technology, processes, or people, RCA can help you clearly identify the issue, find realistic solutions, and implement the changes needed to remedy the situation.
The CPA was only passed in June 2021, which means many of the technical parts of the law haven’t been decided yet. But that doesn’t mean you can’t get started.
Most privacy laws follow privacy best practices, and there are plenty of things you can do to establish a foundation capable of quickly and easily responding when the nitty-gritty details are finally ironed out.
In particular, this means being prepared to meet individual rights requirements. Individuals have the right to be informed when their personal data is collected, to correct inaccuracies in their personal data, and to delete their data from your database. They also need to have the option to receive a copy of their personal data in an easy-to-use format and to opt out of ad targeting and having sensitive data shared or sold.
As recognized privacy experts who understand that consumer privacy is a new field still finding its feet, we excel at developing smart and sensible solutions that are adaptable and scalable by design.
The best privacy program in the world will fail if it’s not cross-functional in both design and execution.
Protecting customers’ sensitive personal information in our hyperconnected economy crosses IT, marketing, customer experience, legal, HR, and operations functions. If you want your privacy program to work, representatives from all these teams need to be together at the drafting table.
95% of data breaches are caused by human error, which means your employees can either be your best defense or your biggest liability.
Just like you need input from all your departments when you create your plan, you need every employee in each of those groups to understand their role in your plan’s execution.
With the goal of matching content to your specific needs, our customized training programs can be delivered virtually or in person for small groups or entire companies over just a few hours or across several days.
You can’t fake preparation.
Crisis situations are inevitable. But there is a difference between crises that are outside your control and crises you create for yourself by ignoring issues visible on the horizon.
If you aren’t proactively working on protecting your customers’ sensitive personal information, you’re building your own crisis brick by brick.
Right now, you’ve got the time.
And we’ve got the skills.
Don’t get forced into learning about data inventories, reasonable security measures, and privacy best practices when you’re facing enforcement actions or in the middle of a damaging data breach. If you put in the work now, you’ll have the skills and knowledge you need to quickly resolve issues when they happen.
At RCA, we passionately believe that a good data privacy program is a powerful tool that creates great experiences for your customers and helps you give more value than you take. Our in-depth understanding of data regulations and corporate backgrounds allow us to successfully guide clients through the intersection of data privacy, digital marketing, and business strategy.
We can help you understand and satisfy the CPA’s regulatory requirements, but more importantly, we can help you create a data privacy program that goes beyond compliance and makes consumer privacy awareness part of your company culture.