The Consumer Data Protection Act applies to persons conducting business in the Commonwealth or producing products or services targeted to residents of the Commonwealth. It establishes consumer rights, including the right to access personal data, correct inaccuracies, delete personal data, obtain a copy of personal data, and opt out of certain processing activities. The Act imposes responsibilities on controllers, such as limiting the collection of personal data, establishing data security practices, and providing clear privacy notices.

The Colorado Privacy Act is introduced to provide additional protection for data relating to personal privacy. It applies to controllers conducting business in Colorado or intentionally targeting residents of Colorado. The Act grants consumers the right to access, correct, and delete personal data, as well as the right to opt out of the processing of personal data for targeted advertising, sale of personal data, and profiling. There are exemptions for certain types of data, such as protected health information, employment records, and data regulated by federal laws like HIPAA and the Gramm-Leach-Bliley Act.

The California Consumer Privacy Act of 2018 (CCPA) is a comprehensive privacy law that governs the collection and use of personal information by businesses operating in the State of California. It applies to businesses that collect personal information from California residents and provides consumers with certain rights and protections regarding their personal information. The CCPA defines various terms related to privacy, such as ‘personal information,’ ‘business,’ and ‘consumer.’ It establishes requirements for businesses, such as providing notice to consumers about the collection and use of their personal information, allowing consumers to opt out of the sale of their personal information, and implementing reasonable security measures to protect personal information.

This legal document governs the use of external consumer data and information sources, algorithms, and predictive models by insurers. It prohibits unfair discrimination based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression. The document requires the commissioner to adopt rules for the implementation of this section through a stakeholder process involving carriers, producers, consumer representatives, and other interested parties. Insurers are required to provide information about their use of external consumer data and information sources, establish risk management frameworks to minimize unfair discrimination, and provide ongoing monitoring and assessment.