Effective 9/1/18, Colorado's HB 18-1128
establishes "groundbreaking" new cybersecurity standards for the state.
We are still assessing the impact of this regulation- it uses the increasingly common "reasonableness" standard in expecting companies to take the appropriate safeguards regarding consumer personal information.
Given that the NIST security framework version 1.1 was just announced in April
- it would appear that CO is adding to the list of states that expects companies to implement it or something similar.