Regulators in California and Colorado recently announced enforcement sweeps under new and newly updated state privacy laws. Companies in Colorado (including nonprofits) and California should double-check their privacy notices, processes and documentation to comply with these laws, particularly the enforcement priorities identified in the notices.
Colorado: The Colorado Attorney General announced an enforcement sweep just days after the Colorado Privacy Act (CPA) took effect on July 1, 2023. The stated priorities include complying with sensitive data processing requirements and targeted advertising and profiling opt-out requests. Although the Attorney General noted that letters mailed to Colorado organizations were intended to be educational warnings, we are aware of more direct enforcement and inquiries as well. The attorney general’s office also launched a designated CPA resource hub with FAQs, guidance and links to the final regulations.
If you have questions or need assistance ensuring compliance with these laws and regulator enforcement priorities, please reach out to Elliot Golding or Allison M. Tassel or contact your regular McDermott lawyer.
Check out our additional coverage on new state consumer privacy laws: