The office of the Colorado Attorney General, Phil Weiser, recently issued a data security best practices guidance document as part of his office’s role in “implementing and enforcing data security and data privacy laws.” In recent remarks on Data Privacy Day on January 28, 2022, the Attorney General (the AG) discussed the upcoming rulemaking process that will take place over the next several months as a result of the passage of the Colorado Privacy Act. In addition, the data security best practices document updates previous guidance released by the A G’s office to provide guidance on important data security practices.

The guidance identifies nine areas of focus:

  • Inventory data that are collected and have a system to store and manage data;
  • Adopt a written information security program;
  • Adopt a written incident response plan;
  • Manage third party vendors;
  • Train employees to prevent and respond to cybersecurity attacks;
  • Follow the Department’s ransomware guidance;
  • Timely notify affected individuals and the Attorney General in the event of a data breach;
  • Protect affected individuals with services such as credit monitoring; and
  • Regularly review and update your privacy and security policies.

We will be watching the regulatory process in Colorado closely as regulations are developed to implement the Colorado Privacy Act. In the meantime, the guidance provides important reminders to all regarding sound data security and privacy practices.

Photo of Deborah George Deborah George

Deborah George is a member of Robinson+Cole’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team. Ms. George advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She…

Deborah George is a member of Robinson+Cole’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team. Ms. George advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters. She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as drafting and reviewing contracts, business associate agreements, and data use agreements. Read her full rc.com bio here.