
New Colorado Privacy Act Rules May Require Companies to Re-Write Their Loyalty Program Terms

Colorado's new privacy law came into effect on July 1st. What many people have missed is that this new law has requirements for loyalty programs that will probably require most companies to amend their loyalty program terms. Pursuant to the Colorado law, consumers have the right to request that a company delete their personal or sensitive information. If the deletion of the consumer's personal or sensitive information makes it impossible for a business to provide the loyalty program or certain benefits, the company is no longer obligated to provide either the program or those benefits. However, the company must give the consumer at least 24 hours' notice prior to discontinuing the loyalty program membership or benefit.

In addition to the 24 hours' notice, the Colorado Privacy Law also requires the following information be included in the loyalty program terms and the associated privacy notice:

1.  The categories of personal data or sensitive data collected through the loyalty program that will be sold or processed for targeted advertising

2.  Categories of third parties that will receive the consumer's personal data and sensitive data, including whether personal data will be provided to data brokers

3.  The value of the loyalty program benefits available to the consumer if the consumer opts out of the sale of personal data or processing of personal data for targeted advertising, and the value of the loyalty program benefits available to the consumer if the consumer does not opt out of the sale of personal data or processing for targeted advertising

4. A list of any loyalty program benefits that require the processing of personal data for sale or targeted advertising, and the third party receiving the personal data and providing each such bona fide loyalty program benefit, if applicable.  

5.  A link to the privacy policy.

Since the Colorado Law has already taken effect, companies should quickly review their loyalty program terms to determine whether they are in compliance with this law. In addition, companies that have loyalty program terms that are connected to a credit card should also consider how these changes may implicate the new New York Credit Card Loyalty Program law, which goes into effect in December 2023. (The law was originally slated to go into effect in December 2022, but its effective date was postponed for one year.) For more information about the New York Credit Card Loyalty Program law, see our prior client alert: https://www.loeb.com/en/insights/publications/2022/03/new-york-law-requires-credit-card-rewards-programs-to-give-notice-of-reward-program-changes
