Init0

Tech News That Matters

What to know about the new privacy and cybersecurity laws – cobizmag.com

2021 has been quite the year for privacy and cybersecurity, with the passing of wide-ranging new laws (both domestically in the US and internationally), hard-hitting regulatory actions, and increasingly sophisticated cyber-attacks.

As we approach the year end, let’s review some of the main issues Colorado businesses will need to address as a result of these developments. 

Colorado Privacy Act (CPA) 

On July 8, 2021, Colorado joined California and Virginia to become the third US state to pass a comprehensive privacy law.

The CPA goes into force in just over 12 months’ time, on January 1, 2023, and will apply to companies that do business in Colorado and either (i) process or control the personal data of 100,000 or more Colorado residents or households in a calendar year, or (ii) derive revenue or discounts from the sale of personal data and process or control the personal data of 25,000 or more Colorado residents or households.

The CPA places significant obligations on Colorado businesses, including broad consumer rights and the need for consent to process ‘sensitive’ personal data, along with other backend or operational requirements such as requirements for vendor contracts and data protection impact assessments. 

China’s Personal Information Privacy Law (PIPL) 

China’s first comprehensive privacy law, the PIPL, took effect on November 1, 2021.

This law is part of a broader bucket of privacy and security laws which form an overarching framework governing data protection, cybersecurity, and data security in China.

Similar to the European Union’s General Data Protection Regulation (GDPR), the PIPL applies to organizations that process personal data outside of China if the purpose of that processing is to (i) provide products or services to individuals in China, or (ii) analyze or assess the behavior of individuals in China. 

The PIPL includes a number of requirements that emulate those of the GDPR, including requirements for a lawful basis for processing, appointment of a local representative, individual rights to notice, access, correction, erasure, and portability of personal data, together with restrictions on international transfers of personal data. 

Of note, individuals will have the right to bring legal actions against organizations if …….

Source: https://www.cobizmag.com/what-to-know-about-the-new-privacy-and-cybersecurity-laws/