Duane Pozza Discusses Colorado Privacy Law’s Potential Impact on Compliance

July 9, 2021

Duane C. Pozza, chair of Wiley’s Federal Trade Commission (FTC) Regulation Practice and partner in the Privacy, Cyber & Data Governance Practice, was quoted in a July 9 Bloomberg Law article about a recently enacted privacy law in Colorado and how it may impact compliance for national companies as they prepare for other state privacy statutes to take effect in 2023.

As noted in the article, the Colorado law requires all companies to adhere to global opt-out mechanisms. The law gives Colorado residents the right to opt out of the sale of their personal data from businesses, as well as request that information be deleted. Businesses also must complete data protection assessments for processing activities.

Mr. Pozza said that variations in language among the respective state privacy laws can have large implications for compliance, noting that what works in one state may not necessarily work in another. Regulations issued before the Colorado law takes effect are likely to increase compliance preparations from businesses, he added.

“It’s going to be a matter of sitting down with companies and seeing where even small differences in wording can affect their business,” Mr. Pozza said.

Mr. Pozza said that in order to prepare for the new law, companies need to understand what types of data they handle and how that data flows to other parts of a business or to third parties.

“For companies that haven’t had to do this before, having a pretty good handle on data mapping and knowing what consumer data is being held within the company is important,” Mr. Pozza said. “Doing that at the last minute can be really inefficient.”

To read the article, click here (subscription required).