Data Privacy – In General
In 2018, the Colorado Legislature passed HB 18-1128, “Concerning strengthening protections for consumer data privacy,” with unanimous support. This bill took effect on September 1, 2018, and applies to essentially all private and public organizations in Colorado, including school districts and BOCES.
HB 18-1128 imposes three main requirements:
- implementation of “reasonable security procedures and practices” to protect personal identifying information;
- implementation of data destruction policies; and
- procedures concerning notification of data security breaches in accordance with the law’s notification and timing requirements.
Fortunately, HB 18-1128 contains exclusions from its requirements for entities regulated by state or federal law that maintain procedures on these topics pursuant to their applicable regulatory frameworks. In general, therefore, school districts and BOCES already employ policies and procedures which satisfy HB 18-1128’s requirements. However, given the scope of HB 18-1128, which encompasses some student data as well as employee data, we recommend that school districts and BOCES review local board policy and procedures to ensure compliance with HB 18-1128’s requirements.
For additional information on other state and federal laws applicable to student data privacy and the confidentiality of student education records, click HERE.
As a benefit of CASB membership, CASB’s Member Legal Resources Team developed a legal memo regarding the implications of the Consumer Data Privacy Act on school districts and BOCES. To access this memo, please sign in with your CASB username and password. CLICK HERE
- CASB legal memo, “HB 18-1128: Consumer Data Privacy”
- HB 18-1128, Concerning strengthening protections for consumer data privacy