Skip to main content
Colorado General AssemblyToggle Main Menu
Agency NameToggle Agency Menu

Nonprofit Member Data Privacy & Public Agencies

Concerning protecting the privacy of persons associated with nonprofit entities, and, in connection therewith, prohibiting public agencies from taking certain actions relating to the collection and disclosure of data that may identify such persons.
2024 Regular Session
Local Government
State Government
Bill Summary

With certain exceptions, the act prohibits a public agency from:

  • Requiring any person to provide the public agency with data that may identify a member of a nonprofit entity (member-specific data) or compelling the disclosure of member-specific data;
  • Disclosing member-specific data to any person; or
  • Requesting or requiring a current or prospective contractor or a current or prospective grantee of a grant program administered by the public agency to provide a list of nonprofit entities to which the current or prospective contractor or grantee has provided financial or nonfinancial support.

A nonprofit entity or any of its members affected adversely by a public agency's violation of the act's provisions may initiate a civil action against the public agency in district court for injunctive relief, damages, or such other relief as is appropriate. Notwithstanding existing laws concerning governmental immunity, a court may award damages against a public agency that violates the act's provisions as follows:

  • Not less than $2,500 for each reckless violation; and
  • Not less than $7,500 for each intentional violation.

A court may also award the costs of litigation to a complainant that prevails in such an action.

The act prohibits a custodian of public records (custodian) from requiring a nonprofit entity to produce member-specific data that is contained in public records if such records are not subject to inspection and copying pursuant to the "Colorado Open Records Act". A custodian must deny any request to inspect, copy, or reproduce any member-specific data in the possession of a public agency and provided to the public agency by a nonprofit entity. A custodian must not require a nonprofit entity to produce records and information relating to the identification of individual employees of nonprofit entities with whom the public entity contracts for services or of individual employees of subcontractors of such nonprofit entities.

APPROVED by Governor May 28, 2024

EFFECTIVE August 7, 2024
(Note: This summary applies to this bill as enacted.)


Became Law


Bill Text

The effective date for bills enacted without a safety clause is August 7, 2024, if the General Assembly adjourns sine die on May 8, 2024, unless otherwise specified. Details