CO Could Boost Cybersecurity Protections With New Bill

House Bill 1128 would install breach notification deadlines among other requirements

Colorado could raise the bar on how companies handle residents’ personal data if a bipartisan bill proves successful this session.

State lawmakers introduced a bill Jan. 19 that would build on Colorado’s existing data security and breach notification framework. House Bill 1128, if passed, would place more specific deadlines on data breach notification and give the Colorado Attorney General’s Office more authority to pursue cases against companies following a data breach.

Republican Rep. Cole Wist is co-sponsoring the bill with Democratic Rep. Jeff Bridges. Bridges said the bill was partly a response to last year’s Equifax hack that compromised the personal data of more 140 million people. While that breach brings the cybersecurity issue “into sharp focus,” Bridges said, the bill’s proposals for Colorado are broad and go beyond the Equifax incident.

Wist, a shareholder at Ogletree Deakins who represents employers in labor and employment matters, brings a consumer’s perspective to the data breach issue. His personal data was exposed in the 2015 Blue Cross Blue Shield hack, and he’d only found out about it when the IRS informed him that someone tried to file tax returns using his and his family’s identifying information. The Wists have been on guard against identity theft since then.

To read this story and other complete articles featured in the January 29, 2017 print edition of Law Week Colorado, copies are available for purchase online.