Colorado’s new biometric data rule, adopted under the Colorado Privacy Act and House Bill 24-1130, is set to take effect July 1, 2025. Unlike the CPA, it will significantly impact how employers collect, use, and retain biometric data from employees.
If your organization uses technologies like fingerprint scanners, facial recognition, or other biometric identifiers for timekeeping, security, or access control, you may be subject to these new requirements. Starting July 1, employers will need to adopt a written biometric data policy, obtain consent before collection, and ensure strict safeguards for storage and destruction, in order to comply with the new rule.
To help you prepare, we’ve published a comprehensive whitepaper covering the new rule and what it means for Colorado employers. This resource, which can be found here, outlines your compliance obligations, provides practical steps for implementation, and clarifies how the rule interacts with broader privacy responsibilities under the Colorado Privacy Act.
We’re also preparing additional documents and consent forms to support your compliance efforts. If you have any questions, please reach out to an Employers Council attorney.
Mark Decker is an attorney for Employers Council.