Colorado enacted a sweeping new data security law that will impact businesses. The Data Security Law (HB 18-1128) imposes several requirements on companies that maintain the personal information of Colorado residents. Specifically, the data security law establishes new obligations regarding: (1) data breach response; (2) the protection of certain types of personal information; and (3) the disposal of certain types of personal information.

There are no exemptions for type or size of business. The new law demands that organizations maintain reasonable procedures and practices to ensure their client/employee data is safe. If you are not using best commercial practices it will be hard to defend your actions if you end up in court.

As payroll specialists, we recommend our clients use caution to protect their employees’ personal information. Here are some things that should be addressed:

  • How long do you keep employee data? Where do you store it? How do you dispose of it?
  • How do you provide your payroll company with new hire paperwork? Personal information sent as an attachment to an email is vunerable to identity theft. Have you ever been guilty of doing that?
  • Be sure part of your plan includes ongoing security training for your staff.
  • If you use your cell phone for work email, be sure your cell phone is encrypted so if it is misplaced your emails are safe.

At Payroll Vault, we provide our clients with online portals where payroll data is securely exchanged and saved to protect employees’ sensitive information. We also provide portals for employees to view their paystubs, and W2s, which is much more secure than handing out paper checks that sit at work stations and invite peaking! Please call us if you would like to learn more.


Carol McElwain, Owner