C.R.S. Section 24-37.5-122
Study of personally identifiable information

  • authority of chief information officer
  • report to joint technology committee
  • definitions
  • repeal

(1)

The chief information officer shall convene an advisory group to study where personally identifiable information is stored by state agencies throughout Colorado, to study entities that have access to personally identifiable information stored by state agencies, and to determine the costs and processes necessary to centralize the storage and protection of personally identifiable information.

(2)

The advisory group consists of:

(a)

The members of the government data advisory board created in section 24-37.5-703;

(b)

One member who represents the attorney general’s office, appointed by the attorney general; and

(c)

Any number of members who are personally identifiable information experts selected and appointed by the chief information officer.

(3)

On or before January 1, 2023, the advisory group shall complete its work and present to the joint technology committee a summary of the advisory group’s findings, including, if appropriate, proposals for legislation.

(4)

As used in this section:

(a)

“Personally identifiable information” means information that may be used, along or in conjunction with any other information, to identify a specific individual, including but not limited to a name; a date of birth; a place of birth; a social security number or tax identification number; a password or pass code; an official government-issued driver’s license or identification card number; information contained in an employment authorization document; information contained in a permanent resident card; vehicle registration information; a license plate number; a photograph, electronically stored photograph, or digitized image; a fingerprint; a record of a physical feature, a physical characteristic, a behavioral characteristic, or handwriting; a government passport number; a health insurance identification number; an employer, student, or military identification number; a financial transaction device; a school or educational institution attended; a source of income; medical information; biometric data; financial and tax records; home or work addresses or other contact information; family or emergency contact information; status as a recipient of public assistance or as a crime victim; race; ethnicity; national origin; immigration or citizenship status; sexual orientation; gender identity; physical disability; intellectual and developmental disability; or religion.

(b)

“State agency” means any department, commission, council, board, bureau, committee, institution of higher education, agency, or other governmental unit of the executive, judicial, or legislative branch of state government.

(5)

This section is repealed, effective January 1, 2024.

Source: Section 24-37.5-122 — Study of personally identifiable information - authority of chief information officer - report to joint technology committee - definitions - repeal, https://leg.­colorado.­gov/sites/default/files/images/olls/crs2023-title-24.­pdf (accessed Oct. 20, 2023).

24‑37.5‑101
Legislative declaration - findings 24‑37.5‑102
Definitions 24‑37.5‑103
Office of information technology - creation - information technology revolving fund - geographic information system coordination 24‑37.5‑105
Office - roles - responsibilities - state search interface - rules - legislative declaration - definitions 24‑37.5‑105.2
State agencies - information technology - responsibilities 24‑37.5‑105.4
Delegation of authority 24‑37.5‑106
Chief information officer - duties and responsibilities 24‑37.5‑116
Communications and stakeholder management plan 24‑37.5‑117
Use of technology to interact with citizens - working group - strategic plan 24‑37.5‑118
Change of references - director to revisor of statutes 24‑37.5‑119
Broadband service - report - broadband deployment board - broadband administrative fund - creation - rules - legislative declaration - definitions - repeal 24‑37.5‑120
Technology risk prevention and response fund - creation - definitions 24‑37.5‑121
Digital access to government services - strategic plan - reporting - legislative declaration - definitions 24‑37.5‑122
Study of personally identifiable information - authority of chief information officer - report to joint technology committee - definitions - repeal 24‑37.5‑123
Colorado operations resource engine upgrade and continuous improvement project - reporting 24‑37.5‑401
Legislative declaration 24‑37.5‑403
Chief information security officer - duties and responsibilities 24‑37.5‑404
Public agencies - information security plans 24‑37.5‑404.5
Institutions of higher education - information security plans 24‑37.5‑404.7
General assembly - information security plans 24‑37.5‑405
Security incidents - authority of chief information security officer 24‑37.5‑701
Legislative declaration - intent 24‑37.5‑702
Government data advisory board - created - duties - definition 24‑37.5‑703
Interdepartmental data protocol - contents 24‑37.5‑704
Data-sharing - authorization 24‑37.5‑801
Information technology asset inventory - refresh cycle schedule - report 24‑37.5‑802
Information technology budget requests - working group - report 24‑37.5‑901
Legislative declaration 24‑37.5‑902
Definitions 24‑37.5‑903
Colorado broadband office - creation - responsibilities - gifts, grants, or donations 24‑37.5‑904
Digital inclusion grant program - income-eligible household reimbursement program - creation - award criteria - digital inclusion grant program fund - definition - reporting - repeal
Green check means up to date. Up to date

Current through Fall 2024

§ 24-37.5-122’s source at colorado​.gov