Duties of Controllers
Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.
What it requires
Requires controllers to specify processing purposes, minimize data collection, implement data security, avoid processing sensitive data without consent, and provide transparent privacy notices.
Legal text (excerpt)
A controller shall specify the express purposes for which personal data are collected and processed... A controller shall not process sensitive data concerning a consumer without first obtaining the consumer's consent...
Primary source
Colorado Attorney General: § 6-1-1308: Duties of Controllers ↗Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.