What is De-identified Data in the Colorado Privacy Act (“CPA”)?
De-identified data means data that cannot reasonably be used to infer information about, or otherwise be linked to, an identified or identifiable individual, or a device linked to such an individual, if the controller that possesses the data:
(a) Takes reasonable measures to ensure that the data cannot be associated with an individual;
(b) Publicly commits to maintain and use the data only in a de-identified fashion and not attempt to re-identify the data; and
(c) Contractually obligates any recipients of the information to comply with the requirements of this subsection (11).
Stay Ahead of the Curve! Explore our comprehensive CLIClaw Colorado Privacy Compliance Library for in-depth resources and insights.
These materials were obtained directly from the State Government public websites and are posted here for your review and reference only. No Claim to Original State Government Works. This may not be the most recent version. The State may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.