DENVER BUSINESS JOURNAL - Beginning on Sept. 1, Colorado businesses will have just 30 days to inform customers if their private data has been compromised in a breach — the shortest time frame of any state in America.
The change is one of several coming about as a result of Gov. John Hickenlooper signing into law on Tuesday House Bill 1128, a once-contentious bill dealing with consumer-data privacy that managed to make it through the Legislature without a single “no” vote after its bipartisan sponsors to make sure that business leaders and consumer advocates could find an amicable way to get to the goal of ensuring greater protection of information.
“I was ultimately persuaded that more businesses are moving in this direction or are already there because they understand that most consumers will not want to do business with companies that don’t have reasonable protections,” co-sponsoring Rep. Cole Wist, R-Centennial, said outside the signing ceremony on Tuesday.
HB 1128 was one of three bills introduced during the 2018 legislative session looking to help consumers in the wake of high-profile data breaches, particularly the 2017 incident in which information on 145 million customers of credit-reporting company Equifax Inc. (NYSE: EFX) was hacked. A noncontroversial bipartisan bill allowing guardians to freeze the credit reports of minors already has received Hickenlooper’s signature, which a bill from a Republican representative allowing consumers to freeze their records if a company was hacked was defeated.