MoneyConsumer

Actions

With recent data breaches, AG urges private and public sector responsibility

Colorado Privacy Act establishes data policy expectations for private companies but does not include all agencies that manage and collect our data
With recent data breaches, AG urges private and public sectors to be responsible
Posted
and last updated

COLORADO SPRINGS — Colorado consumers continue to be impacted by data breaches that compromise sensitive information being held by both private and public entities in the state. News5 is following up with Colorado’s attorney general about the impact of these cyber attacks and why it’s such a problem.

Recent data breaches that put many of us here in Colorado at risk of identity theft. Attorney General Phil Weiser didn’t take a stance on if new laws were needed for how the state manages our data, but he says he’s open to working with lawmakers and the governor to find ways to strengthen data security and consumer protection laws.

Cybercriminals continue to look for ways to steal our sensitive information, things like social security numbers and birth dates from private companies and even public agencies within the State of Colorado. Attorney General Phil Weiser says he recognizes the problem.

”Sadly all of our information is out there often in the hands of companies that don’t protect it. What happens is it gets in the hands of these scam artists who will use it against us,” said Weiser.

“When we’re talking about the way our state agencies manage our data, house it, store it, do you think that’s worth a conversation? Maybe even in the next session with our lawmakers?” asked News5 reporter Patrick Nelson.

”It is critical that we manage all of our data whether held by public or private entities responsibly,” Weiser responded. “It’s critical that consumers know when data that involves their personal information has been hacked or accessed by outside parties.”

While people impacted by the recent Colorado Department of Higher Education data breach are still waiting to see if there will be any changesin policy or law in how the state manages our data, a new law did go into effect this year that raises the state’s expectations on how private companies manage our data.

”We’ve enacted the Colorado Privacy Act and it has some crucial protections,” said Weiser. “Companies now have a requirement to conduct this data protection assessment asking the very questions we must ask. What data are you collecting? For how long? How are you storing? Who has access to it? The reality is too many companies have stored too much data for too long with too little protections, but that’s changing in Colorado.”

Right now in Colorado there is no requirement to offer free credit monitoring or ID theft protection to impacted consumers in the wake of a data breach, but many companies or agencies that are compromised do follow the suggestion from the Federal Trade Commission to offer at least one year.

Weiser says all of us should be keeping an eye on our credit for signs of identity theft that often follow data breaches.

”If you aren’t already looking at your credit scores regularly, please consider checking them out. Someone could open up a credit card in your name and you might not know it,” warned Weiser. “If you can see your credit monitoring you’re going to find out sooner that something is wrong.”

Right now letters are going out to private companies from the Colorado Attorney General’s Office to establish the requirements of data collection and protection under the Colorado Privacy Act. Now by law, the attorney general could fine companies $20,000 per violation if they don’t come into compliance within 60 days.

Lawmakers will have to decide if there should be more protections for how consumer data is managed by the state, and in the education system that don’t fall under the current law.

We will make sure to follow up to see where they stand on this issue.