Section 301 – Responsibility according to role.
Effective 12/31/2023 13-61-301. Responsibility according to role. (1) A processor shall: (a) adhere to the controller’s instructions; and (b) taking into account the nature of the processing and information available to the processor, by appropriate technical and organizational measures, insofar as reasonably practicable, assist the controller in meeting the controller’s obligations, including obligations related to […]
Section 302 – Responsibilities of controllers — Transparency — Purpose specification and data minimization — Consent for secondary use — Security — Nondiscrimination — Nonretaliation — Nonwaiver of consumer rights.
Effective 12/31/2023 13-61-302. Responsibilities of controllers — Transparency — Purpose specification and data minimization — Consent for secondary use — Security — Nondiscrimination — Nonretaliation — Nonwaiver of consumer rights. (1) (a) A controller shall provide consumers with a reasonably accessible and clear privacy notice that includes: (i) the categories of personal data processed by […]
Section 303 – Processing deidentified data or pseudonymous data.
Effective 12/31/2023 13-61-303. Processing deidentified data or pseudonymous data. (1) The provisions of this chapter do not require a controller or processor to: (a) reidentify deidentified data or pseudonymous data; (b) maintain data in identifiable form or obtain, retain, or access any data or technology for the purpose of allowing the controller or processor to […]