United States of America: Introduced Amendment to the Colorado Privacy Act for Enhanced Biometric Data Protection (HB 24-1130)

Description

Introduced Amendment to the Colorado Privacy Act for Enhanced Biometric Data Protection (HB 24-1130)

On 29 January 2024, the Bill amending the Colorado Privacy Act (HB 24-1130) was introduced in the Colorado Legislature. The Bill aims to add protections for an individual's biometric data. It would require a controller, who determines the purposes for and means of processing biometric data, to adopt a written policy that establishes a retention schedule for biometric identifiers, includes a protocol for responding to a security breach of biometric data, and guidelines for the permanent destruction of a biometric identifier. The Bil would also prohibit a controller from collecting a biometric identifier unless certain disclosure and consent requirements are met. It specifies certain prohibited acts and requirements for controllers that collect and use biometric data and requires a controller to allow a consumer to access and update a biometric identifier. The amendment restricts an employer's permissible reasons for obtaining an employee's consent for the collection of biometric identifiers and authorises the Attorney General to issue rules to implement the Bill.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2024-01-29
under deliberation

On 29 January 2024, the Bill amending the Colorado Privacy Act (HB 24-1130) was introduced in the C…

2024-04-22
adopted

On 22 April 2024, the Bill amending the Colorado Privacy Act (HB 24-1130) was adopted. The Bill aim…

2024-05-31
adopted

On 31 May 2024, the Bill amending the Colorado Privacy Act (HB 24-1130) was signed into law by the …