Industry Groups Seek Clarifications on Colorado Privacy Rule Changes
Some industry groups raised concerns about proposed amendments to Colorado privacy rules concerning children and biometric data. The Colorado attorney general’s office held a rulemaking hearing Thursday to gather public comments on proposed draft amendments to the Colorado Privacy Act…
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Rules (see 2409160036). The draft amendments, published Sept. 13, provide updated language to align with children’s and biometric privacy bills the Colorado legislature approved this year and create a process for issuing opinion letters and interpretive guidance. The proposed rules include definitions of “child” versus “minor,” as well as requirements for notifying consumers before collecting or processing biometric identifiers. Employers must also gain consent from employees before collecting and processing biometric identifiers. State Privacy and Security Coalition lobbyist Andrew Kingman said separate obligations for biometric data and biometric identifiers could be confusing. “Our comments really focus on how to simplify this so that consumers have a single notice or are directed to a single notice where all of that information can be easily comprehended,” he said during the hearing. Additionally, Kingman suggested deleting the reference to “minors” as a part of the children’s privacy policy, saying it is “impractical” to distinguish between a 22-year-old and a 17-year-old. Kingman also asked for modifications to the consent requirement in the employment context, noting that the interaction between an employer and employee differs from the interaction between consumers and controllers. Phoebe Blessing, manager of public policy with the Colorado Hospital Association, also recommended an exception to the new biometric collection amendments on employees, such as when employers use employees' biometric information for authentication purposes. “For example, many of our hospitals require the use of fingerprints to access medication cabinets and dispense drugs,” Blessing said. She also recommended an exception for when healthcare providers use a patient’s biometric information in relation to the treatment process. Several other citizens spoke at the hearing about concerns for privacy but lacked specific input regarding the proposed amendments. The AG office also posted written comments that were due later Thursday night.