Data Privacy Laws:
How Does Colorado Stack Up?

The Most Valuable Resource

A person's hand is reaching forward into the frame of the photo and supporting the graphic image of a lock icon surrounded by zeros and ones.In 2017, the Economist stated, “The world’s most valuable resource is no longer oil, but data.” The collection, use, and sharing of data really has become the lifeblood of the business world. As information increased in value, so did the level of criminal activity associated with it. At the same time, the US government attempted to stay ahead of privacy crime by making sure that consumers’ information is protected and businesses comply with the limitations and procedures set for the use of private information.

Federal Protection

Colorado residents and businesses are already been governed by federal laws which include:

  • Privacy Act of 1974 providing rights and restrictions on data held by government agencies
  • HIPAA of 1996 providing personal data protection of healthcare and health insurance
  • GLBA of 1999 protecting financial nonpublic personal information
  • COPPA of 2000 protecting the personal information of children 12 years of age and younger
  • SOX of 2002 set standards related to data protection of US public companies and accounting firms
  • FACTA of 2003 amended the FCRA restricting information privacy, accuracy, sharing and disposal

State Protection

On July 1, 2023, Colorado followed California and Virginia in implementing broad consumer privacy legislation into law. The Colorado Privacy Act requires controllers to:

  • Explain the purpose for which your personal data is collected and processed.
  • Restrict the collection of your data to what is adequate, relevant, and limited to what is reasonably necessary to a specified purpose.
  • Not process your personal data for reasons that aren’t reasonably necessary with the specified purposes that the data collected without your consent.
  • Properly secure your personal data.

Chain of Custody

Since data is such a valuable commodity, any company that collects, handles, shares, and uses your personally identifiable information (PII) must track and accurately document every person and organization who handles it, the date and time it was collected or transferred, the purpose for the transfer, and the secure destruction of your PII at the end of its lifecycle.

To be considered properly destroyed, PII must be rendered impossible to read or recover. To achieve this high level of information security, many organizations have partnered with a professional shredding company. For legal proof of that destruction, a reputable shredding company will provide a Certificate of Destruction when shredding is complete, completing the chain of custody.

Apex Shredding provides secure shredding services to the businesses and residents of Northern Colorado. We are compliant with federal and Colorado privacy laws, and our NAID AAA Certification verifies that we meet the highest security and ethical standards in the industry so you can be confident that your information is protected. For more information or for a free quote, give us a call at 907-532-5007 or complete the form on this page.

Request A Quote

  • This field is for validation purposes and should be left unchanged.

Covered By: