Privacy and security compliance obligations for health care companies remain hot topics this spring. Health care companies must now contend with data breach laws in all 50 states as well as keep on top of federal HIPAA developments.
New Colorado Data Breach Law
Our Privacy and Security colleagues recently blogged about a new Colorado law that imposes strict requirements on entities that maintain, own, or license personal identifying information of Colorado residents. The law broadly defines “personal identifying information” as a Social Security number; a personal identification number; a password or passcode; a driver’s license or identification card number; a passport number; biometric data; an employer, student, or military identification number; or a financial transaction device. In addition, the law requires entities to report breaches of such data within 30 days of discovery.