Businesses that have implemented measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (CCPA) can leverage some of their existing vendor contract terms, website disclosures and data subject rights response processes to satisfy requirements under the Colorado Privacy Act (CPA). However, the CPA, and the recently published proposed CPA Rules, contain certain unique and prescriptive requirements that may warrant taking a CPA-specific approach to compliance. How the finalized CCPA regulations and CPA Rules look will largely dictate whether companies will need to expand or change the scope of their privacy compliance measures to meet the obligations set forth under both California’s and Colorado’s privacy regimes.

Businesses that have implemented compliance measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (CCPA) can leverage existing vendor contract terms, website disclosures and data subject right processes to satisfy requirements under Nevada’s Revised Statutes Chapter 603A. Most companies will not need to expand the scope of CCPA-focused privacy notices because the Nevada laws are much more narrowly framed. But, companies may find it operationally efficient to broaden the scope of opt-out rights if they engage in data sharing practices that qualify as “selling” of personal information, for example, in the context of digital advertising.