Colorado passes data protection law requiring breach notification within 30 days

Colorado Gov. John Hickenlooper signed a bill into law requiring all organizations, including healthcare organizations, to report breaches within 30 days, marking the shortest turnaround time for any state. The legislation aims to improve privacy and security, and includes medical and health insurance identification data. Colorado joins Florida as one of the toughest states for breach notification timelines. The law goes into effect on Sept. 1. Colorado’s law overlaps with HIPAA requirements and includes passwords and passcodes.