Key Takeaways From The Annual Colorado Privacy Summit

Ballard Spahr recently co-hosted the 2025 Colorado Privacy Summit with Zaviant on September 25. The event brought together thought leaders and decision makers in privacy and cybersecurity to discuss key issues, focusing on emerging regulations, litigation risks, and the convergence of privacy and security. Below are the key takeaways from the event.

Keynote Focus: Regulation, Enforcement, and AI

The Regulatory and Enforcement Landscape. Colorado Attorney General Phil Weiser participated in a Fireside Chat with Greg Szewczyk, the Chair of Ballard Spahr's Privacy and Data Security Group. They discussed significant changes in privacy-related laws, regulations, and enforcement over the past year. Topics covered included the growing use of personal data and multi-state enforcement efforts. The following topics were also discussed:

• Update on Colorado AI Rulemaking (ADAI Act). The Colorado Attorney General's office noted that it does not currently intend to issue rulemaking on the Colorado AI Act (ADAI Act) prior to June 2026 given that the legislature is still contemplating amendments to the law next session.
• Federal Challenges to State AI Authority. A critical discussion point was the recent federal challenges to states' authority over AI regulation.

Scroll, Click, Sue: The Pixel Litigation Boom

• Understanding Online Tracking Risks. This panel, titled "Scroll, Click, Sue: The Pixel Litigation Boom and Tips for Mitigating Risk," offered a timely discussion on the legal, business, and insurance implications of online tracking technologies.
• Focus on High-Profile Litigation. The discussion centered on the growing wave of litigation following high-profile cases, such as the recent California jury verdict in a high profile CIPA case.
• Practical Risk Mitigation. The session provided practical insights for companies seeking to balance customer engagement with compliance obligations.
• Panel Leadership. The session was moderated by privacy class action litigator Matt Thornton, Of Counsel, Ballard Spahr. Panelists included Tim Burke, EVP, Head of Cyber Risk, IMA, Inc., and Erin Vorhies, Vice President of Digital Growth and Engagement, Alterra Mountain Company.

Evolving Compliance: Bridging Privacy, Security, and AI Governance

• Convergence of Security and Privacy. This panel explored how privacy is rapidly aligning with security. Compliance strategies require bridging the gap between privacy, security, and AI governance.
• Integrating Global Standards and Cyber Defenses. The discussion emphasized weaving together requirements from General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and global standards with advanced cyber defenses.
• Strategy and Innovation Through Privacy-by-Design. Industry leaders presented forward-looking, privacy-by-design strategies and integrated team approaches. The ultimate goal is to empower organizations to safeguard data, maintain compliance, and turn the convergence of privacy and security into a catalyst for innovation and trust.
• Panel Leadership. The session was moderated by Will Sweeney, Managing Partner, Zaviant. Panelists included Ryan Karlin, Vice President of Product Management, OneTrust, and Hugo Teufel, Vice President, Deputy General Counsel and Chief Privacy Officer, Lumen Technologies.

Click here for recordings and written materials from the event.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.