
Colorado Document Security Discusses New Colorado Data Protection Law - Another Reason to Act


GRAND JUNCTION, Colo., June 25, 2018 /PRNewswire/ -- On May 29, the Colorado state legislature passed House Bill 18-1128, giving organizations doing business here yet another reason to make sure they're properly destroying any and all personally identifying information (PII).

Besides expanding the definition of PII and refining the state's data breach notification requirements, the new law states that covered entities must develop and/or maintain a written policy for the destruction of any electronic or paper documents containing PII. It also states that covered entities must take measures to protect PII shared with third-party service providers (one's shredding vendor) by requiring them to implement and maintain security procedures, including incident reporting, written policies, employee training and breach reporting (to the covered entity).

How does this new law apply to my business?

If your business maintains, owns or licenses personal information of Colorado residents, you need to comply. Keep in mind that personal information is broadly defined to include first initial and last name in combination with unencrypted identification numbers (SSN, passport number, driver's license, etc.). It also includes an email address combined with a password or security questions and answers and account or debit/credit card numbers combined with access codes or passwords.

What does a business need to do for Compliance with this new law?

How do I perform due diligence in selection of third party service providers?

It is important to note that the proposed changes require any person or entity that uses a nonaffiliated third party as a service provider (one's document destruction vendor) to ensure that the third party maintains reasonable security procedures and practices. These procedures and practices need to be "appropriate to the nature of the personal identifying information disclosed to the nonaffiliated third party and reasonably designed to help protect the personally identifying information [PII] from unauthorized access, use, modification, disclosure, or destruction." Therefore, it is crucial for any commercial entity that maintains, owns or licenses computerized data that includes the personal information of a Colorado resident to ensure that it and its vendors both use sufficient security procedures. One needs to look for Best Commercial Practices.

Colorado Document Security assists companies with developing Court Defensible Risk Mitigation, through Best Commercial Practices to meet this new law.

In performing proper due diligence for Compliance with this new law, Scott Fasken (founder of Colorado Document Security) recommends that a business, to meet the Best Commercial Practices, must look at issues of certification of a business's vendors and of Professional Liability to cover a firm in the rare case of a data breach.  As an example, under the Federal Trade Commission FACTA Document Destruction Rule, a business needs to hire, for the destruction of consumer records, a vendor certified by a recognized trade association. NAID AAA Certification meets that requirement with Independent third party audits and a set of written policies and procedures.

Next, make sure that your vendor carries a Professional Liability insurance policy. In the case of a data breach, General Liability insurance does not cover the cost of breach notification. Only Professional Liability insurance will cover both you and the vendor in the rare case of a breach during the destruction. Make sure your vendor can indemnify your firm via Professional Liability insurance.

Fisher and Philips, a Denver law firm, this week held a webinar on this law. The speakers pointed out the need in a firm's vendor due diligence selection to make sure that the vendor holds professional licenses, certification and Professional Liability insurance to protect the firm.

Also, if needed, Colorado Document Security as a Compliance partner can assist your firm in the development of the written policy and employee training for document destruction when data is no longer needed. Colorado Document Security can provide a 14-minute DVD, "The NAID Employee Information Disposal Training Program," to assist in meeting the mandate of this new data privacy law, as well as answer any questions a business may have.

NAID Employee Training document destruction information: https://www.youtube.com/watch?v=v26jv2IA1GY

Professional Liability Insurance: https://www.youtube.com/watch?v=vxQNuV4L8h8&t=6s

About Colorado Document Security

Scott Fasken, Founder. In 2003 Colorado Document Security was the first on-site local service in Western Colorado and today owns five trucks and services 4 states.

Scott Fasken immediately joined the National Association for Information Destruction in 2003, a 1,900-member international trade association for information destruction professionals. In 2011, Fasken was elected the President of the association and has spoken on Privacy issues from London to Sydney.

The company's focus is on Risk Management. From day one, they have strived to help our clients develop a "Court Defensible Risk Mitigation Program." Anyone can make a large piece of paper into small pieces of paper. Our program is focused on Compliance; shredding is our methodology, Compliance is our Intellectual Property.

SOURCE Colorado Document Security

