The Colorado Privacy Act will expand its definition of sensitive information starting August 6, 2024. This amendment introduces biological data as sensitive information, which encompasses data generated through the technological processing of an individual’s physiological and biochemical properties. By including biological data, the Act aims to enhance the protection of personal information that can be used for identification purposes.
Additionally, the amendment introduces the concept of “neural” data as sensitive information. This type of data is generated by devices that measure brain activity and includes information derived from the activity of an individual’s central or peripheral nervous system. This inclusion is notable as it reflects the growing interest in regulating data obtained from advanced technologies that monitor brain function.
Under the amended Colorado Privacy Act, companies processing sensitive information will need to follow specific requirements. These include disclosing the categories of sensitive information they collect in their privacy policies, obtaining consent from individuals before collecting or processing such information, respecting deletion requests, and conducting data protection impact assessments in compliance with the Act.
This amendment marks a significant development in U.S. privacy law, being the first to specifically address “neural” information. As legislators increasingly consider the implications of new technologies and data collection methods, similar amendments may arise in other privacy laws, paving the way for comprehensive regulations in the evolving landscape of data privacy.
Reference:
