Darkreading.com reported “Under the new law, if an individual’s personal information is part of a breach, he must be notified within 30 days after discovery — no exceptions.” The June 7, 2018 article entitled “New Colorado Breach Notification Rules Signed Into Law” included these comments about the new law signed by Gov. John Hickenlooper last week:
The new notification requirement will have a special impact on organizations that must notify individuals of a HIPAA breach because it takes precedence over the federal 60-day notification window.
Notification requirements include telling affected individuals which data was released and the estimated data of the breach.
Of course the biggest problem with the the new Colorado law is how little we know within 30 days of a cyber breach!