Ask Reggi Your Question Now
Can you summarize CORS 6-1-716?
SPECIFIC PROVISIONS > Notification of security breach.
Short Summary
This legal document outlines the security breach notification requirements for covered entities in Colorado. It defines key terms such as ‘biometric data,’ ‘covered entity,’ ‘determination that a security breach occurred,’ ’encrypted,’ ‘medical information,’ ’notice,’ ‘personal information,’ ‘security breach,’ and ’third-party service provider.’ The document specifies that covered entities must conduct a prompt investigation when they become aware of a potential security breach and provide notice to affected Colorado residents if misuse of personal information has occurred or is likely to occur. The notice must include information about the breach, contact details for the covered entity, consumer reporting agencies, and the Federal Trade Commission, as well as information about fraud alerts and security freezes. The document also addresses the responsibilities of third-party service providers, the role of law enforcement agencies in delaying notice, and the notification requirements to the Colorado attorney general. Violations of this section may result in legal action by the attorney general. The document also provides procedures deemed in compliance with notice requirements and clarifies that it does not relieve covered entities from compliance with other applicable laws.
Whom does it apply to?
Covered entities that maintain, own, or license computerized data that includes personal information about a resident of Colorado
What does it govern?
Security breach notification requirements for covered entities in Colorado
What are exemptions?
No exemptions are mentioned.
What are the Penalties?
Not specified.
Jurisdiction
Colorado