HB11-1225 Summary

• Provides civil liability immunity for individuals and commercial entities from data security breaches if the breach was committed by an unauthorized third party and the entity was audited and certified as implementing best practices and meeting IT security standards.

• Allows entities without prior audit certification to raise a rebuttable presumption of non-negligence by demonstrating compliance with identified best practices and security standards.

• Requires Colorado's Chief Information Officer to identify an entity to certify qualified data security auditors and establish best practices and IT security standards, with annual review and public posting.

• Permits victims of computer crimes or data breaches to petition courts for subpoenas requiring breached entities to provide information about perpetrators, with immunity granted to entities providing information in good faith.

• Creates a new class 1 misdemeanor for receiving stolen computer-related property (including data) with intent to deprive the owner of its use, commit another crime, or damage the owner's reputation; effective July 1, 2011.