Effective, July 1, 2023, controllers must comply with personal data processing principles (transparency, purpose limitation, data minimization, security), conduct impact assessments for processing of targeted ads, data sales, and sensitive data processing, and comply with consumer requests (access, correction, deletion, data portability, opt out); violations can result in action by the AG and district attorneys, with no private right of action for consumers.
Related Posts
Colorado Attorney General Public Consultation on CPA Rules
The Colorado Attorney General's Office is asking for the public to provide feedback on the CPA rules and what they should look like.
Real Estate Companies Don’t Need to Worry About Privacy – Right?
Real estate companies can believe data privacy doesn't apply as they handle property, not people, we've seen recently why this isn't the case
NY Court Approves $4.95 Million Settlement for Poor Security
A settlement has been agreed for a class action settlement against Deloitte following a significant data breach in May 2020.