Privacy Policies & Statutory Obligations

If you store personal client information, you have new statutory obligations!

Effective September 1, 2018, Colorado Revised Statute § 6-1-713 requires “covered entities” to comply with new rules regarding the security and disposal of “Personal Identifying Information.”

Any entity in the course of business, vocation, or occupation that maintains, stores, or processes Personal Identifying Information is a “covered entity” and must comply with the statute. 

Personal Identifying Information means social security number, personal identification number, password, passcode, a state-issued driver’s license or identification card; passport number, biometric data, employer, student, or military identification number, or financial transaction device.

• If your entity handles any Personal Identifying Information, it must: 

• Adopt appropriate security procedures to protect Personal Identifying Information;

• If any of your entity’s vendors handle Personal Identifying Information, your entity must have security and notification procedures in case of a data breach by vendor;

• Keep a written policy for documentation destruction when the Personal Identifying Information is no longer necessary;

• Adopt a data breach notification policy where notice is provided to individuals no later than thirty (30) days after the determination of a breach. This notification requires the entity, without unreasonable delay, notify the Colorado Attorney General of the breach, and conduct a good faith investigation to as to cause of the breach. Colorado Revised Statute § 6-1-716. 

Homeowners Associations and Management companies alike must comply with this newly enacted statute. 

WesternLaw Group can help your associations with this Policy. Contact us today for more information.

9351 Grant St., Ste. 120, Thornton, CO 80229 | Office: (720) 542-8724 | Fax: (720) 542-8726 | www.westernlawgroup.com