(I) Direct the person whose personal information has been breached to promptly change his or her password and security question or answer, as applicable, or to take other steps appropriate to protect the online account with the covered entity and all other online accounts for which the person whose personal information has been breached uses the same username or e-mail address and password or security question or answer.
(II) For log-in credentials of an e-mail account furnished by the covered entity, the covered entity shall not comply with this section by providing the security breach notification to that e-mail address, but may instead comply with this section by providing notice through other methods, as defined in subsection (1)(f) of this section, or by clear and conspicuous notice delivered to the resident online when the resident is connected to the online account from an internet protocol address or online location from which the covered entity knows the resident customarily accesses the account.
Source: L. 2006: Entire section added, p. 536, § 1, effective September 1. L. 2010: (2)(d) amended, (HB 10-1422), ch. 419, p. 2064, § 9, effective August 11. L. 2018: (1) R&RE, (2), (3), and (4) amended, and (5) added, (HB 18-1128), ch. 266, p. 1634, § 3, effective September 1.
Structure Colorado Code
Title 6 - Consumer and Commercial Affairs
Article 1 - Colorado Consumer Protection Act
§ 6-1-701. Dispensing Hearing Aids - Deceptive Trade Practices - Definitions
§ 6-1-702. Unsolicited Facsimiles - Deceptive Trade Practice - Definitions
§ 6-1-703. Time Shares and Resale Time Shares - Deceptive Trade Practices
§ 6-1-703.5. Time Share Resale Transfer Agreements - Deceptive Trade Practices
§ 6-1-704. Health Clubs - Deceptive Trade Practices
§ 6-1-705. Dance Studios - Deceptive Trade Practices
§ 6-1-706. Buyers' Clubs - Deceptive Trade Practices
§ 6-1-707. Use of Title or Degree - Deceptive Trade Practice
§ 6-1-708. Vehicle Sales and Leases - Deceptive Trade Practice - Definition
§ 6-1-709. Sales of Manufactured Homes - Deceptive Trade Practices
§ 6-1-712. Discount Health Plan and Cards - Deceptive Trade Practices - Definitions
§ 6-1-713. Disposal of Personal Identifying Information - Policy - Definitions
§ 6-1-713.5. Protection of Personal Identifying Information - Definition
§ 6-1-714. Unfair Drug Pricing Practice - Deceptive Trade Practice - Definitions
§ 6-1-715. Confidentiality of Social Security Numbers
§ 6-1-716. Notification of Security Breach
§ 6-1-717. Influencing a Real Estate Appraisal - Deceptive Trade Practice
§ 6-1-718. Ticket Sales and Resales - Prohibitions - Unlawful Conditions - Definitions
§ 6-1-719. Truth in Music Advertising
§ 6-1-720. Online Event Ticket Sales - Deceptive Trade Practice - Definitions
§ 6-1-721. Like-Kind Exchanges by Exchange Facilitators - Deceptive Trade Practice - Definitions
§ 6-1-722. Gift Certificates - Validity - Exemptions - Definitions
§ 6-1-723. Cathinone Bath Salts - Deceptive Trade Practice
§ 6-1-725. Synthetic Cannabinoids - Incense - Deceptive Trade Practice
§ 6-1-726. Sale of Public Services - Deceptive Trade Practice - Definition
§ 6-1-728. Solicitation of Fee for a Deed or Deed of Trust - Definitions
§ 6-1-729. Assisted Living Residence Referral - Disclosures - Penalty - Fine - Definitions