Colorado Privacy Act

What Is the Colorado CPA?


The Colorado Privacy Act (CPA), which went into effect on July 1, 2023, grants Colorado residents various rights over their personal data, including:

  • Right to access and correct personal data.
  • Right to deletion of personal data under certain circumstances.
  • Right to opt out of the sale of personal data.
  • Right to opt out of targeted advertising.
  • Right to know about processing activities.

At the same time, the act imposes several obligations on businesses:

  • Disclose data collection and processing practices in a clear and accessible privacy notice.
  • Obtain informed consent for collecting and using sensitive data.
  • Implement reasonable security measures to protect personal data.
  • Conduct data protection assessments for high-risk processing activities.
  • Respond to consumer requests within a reasonable timeframe.

The Colorado Privacy Act imposes the same requirements as any other consumer privacy law in the US.


MergeBase and Colorado CPA


MergeBase’s practices meet the requirements of every US privacy law, including Colorado’s, even though none of these laws apply to us.

In terms of consumer data privacy, our commitment to upholding the robust standards set by Canadian data protection laws naturally places us in a position of strength. This commitment ensures that we inherently meet and often exceed the consumer data privacy criteria established by US states, including the provisions of the Colorado Privacy Act.


How Can MergeBase Help You Comply with the Colorado CPA?


MergeBase can support your data security practices and help you meet the security requirements of the CPA. We can help with:

Continuous monitoring — With MergeBase’s continuous vulnerability scanning, companies can proactively manage potential threats and respond swiftly, showcasing a commitment to stringent data security practices.

Vulnerability management — MergeBase actively detects and ranks vulnerabilities in open-source components of applications that handle the personal data of Colorado residents.

Patch management integration — The integration of MergeBase’s findings with patch management systems accelerates the remediation of vulnerabilities, minimizing the period during which personal data is vulnerable.