Colorado’s Protections for Consumer Data Privacy law (“new law”) takes effect on September 1, 2018 and requires that businesses holding personal information for Colorado residents destroy the data they don’t need, protect the data they decide to keep, and disclose any security breaches involving that data within 30 days of its occurrence. The new law amends existing obligations and adds new obligations applicable to businesses holding information about Colorado residents.
It seems that everyone accepts credit cards nowadays – including the farmer who sells produce at my local farmer’s market (which I appreciate because I never have cash)! Anyone who accepts credit cards or debit cards, even a sole proprietor who processes a small number of transactions, must be in compliance with the Payment Card Industry Data Security Standards (“PCI DSS”). Many small businesses may not have heard of the PCI DSS or assume that the requirements do not apply to them or that compliance is too expensive. To the contrary, all merchants that accept credit cards must comply with the PCI DSS, and the costs of a breach generally outweigh the time and expense to set up a secure and compliant card payment system in the first place. Continue Reading Even your momma needs to comply with PCI DSS