Embedded Files
It’s important to regularly pause and reflect on how we collect, use, store and protect data—both in our personal lives and in our roles as state employees. The National Cybersecurity Alliance’s 2026 theme, “Take Control of Your Data,” highlights a shared responsibility: safeguarding information is essential to maintaining public trust and delivering effective, secure government services.
Data Privacy Week is a yearly initiative dedicated to raising awareness about the importance of protecting personal data. Celebrated worldwide during the final week of January, it educates individuals and organizations about data rights, emphasizes the need for secure information management, and promotes responsible data practices. The initiative began as Data Privacy Day in the United States and Canada in January 2008, extending Europe’s Data Protection Day, and is promoted by the National Cybersecurity Alliance (NCA), the nation’s leading nonprofit public-private partnership focused on cybersecurity and privacy education and awareness.
Why Data Privacy Matters in Government
Data privacy is important to everyone—but it is especially critical for state employees because of the trust, responsibility and impact tied to public service. When data is mishandled or exposed, the consequences can be significant—impacting individuals’ privacy, agency operations and public confidence in government.
What “Taking Control” Looks Like for State Employees
Taking control of data does not mean avoiding technology—it means using it wisely and securely. For state employees, this includes:
Protecting Your State Information: Be mindful of the state data you share online and with whom you share it. When we’re in a hurry, we can make mistakes. So it’s important to think before you share potentially sensitive information, such as personally identifiable information (PII), by double-checking your sender list to ensure you have the correct recipients.
Strengthening Security: Use unique passphrases that exceed basic password requirements and are more secure. A good passphrase is long and hard to guess, while still being easy for you to remember. For example, HikingInColoradoWithMy2Dogs.
Staying Aware of Scams: Watch for phishing emails, fake websites and other tactics used to steal your state credentials and gain unauthorized access to state systems.
Knowing How to Report an Event: Contact the OIT Service Desk at 303.239.HELP (4357) or through the OIT ServiceHub Customer Portal when you suspect something has occurred, even if it’s accidental.
Every action—no matter how small—plays a role in reducing risk.
Quick Links
Data Privacy: Take control of your data
Data Privacy Week began as Data Privacy Day in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. The National Cybersecurity Alliance (NCA), the nation's leading nonprofit, public-private partnership, promotes cybersecurity and privacy education and awareness.
Your online activity creates a treasure trove of data. This data ranges from your interests and purchases to your online behaviors, and it is collected by websites, apps, devices, services and companies all around the globe. Your data is valuable! You can help manage your data privacy with a few repeatable behaviors. Find more information and resources on the National Cybersecurity Alliance website.
Privacy Starts With Us
As State of Colorado employees, we manage sensitive information every day. We are entrusted by citizens who depend on us to protect it. Data privacy is a shared responsibility, not just an IT concern. Whether accessing records, handling documents, or using email, we all play a critical role in safeguarding information. Beyond compliance and policies, it’s about protecting the people we serve, preserving public trust, and supporting the values and systems that keep Colorado strong and effective.
Data privacy focuses on the right to safeguard personal information in the digital world. So what are some of the different types of protected data?
Personally Identifiable Information (PII) includes any information that can identify an individual, such as names, Social Security numbers, addresses, phone numbers, or driver’s license numbers.
Protected Health Information (PHI) includes medical records, insurance details, and any health-related data tied to an individual’s identity.
Federal Tax Information (FTI) includes Social Security numbers, earnings, wages, payments from retirement income, filing status, tax refunds, and any other information on federal tax returns.
Criminal Justice Information (CJIS) includes sensitive information about criminal activity, investigations, and individuals involved in the criminal justice system.
Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of students' education records. FERPA applies to public and private schools, as well as state and local education agencies that receive federal funds.
Financial information includes payment card data, bank account numbers, tax information, or any information related to financial transactions.
42 CFR Part 2 includes any information about a patient’s substance use disorder treatment.
Student Information includes academic records, enrollment details and any information about a student’s identity.
How We Can Protect Our Data
Be Able to Recognize and Report Phishing Emails: Use Gmail’s Report Suspicious icon on the right side navigation in your state inbox to report a suspicious email.
Report Suspected Breaches: If you suspect a data breach or accidental exposure, call the OIT Service Desk immediately at 303-239-4357.
Think Before You Share: Verify requests for sensitive data and share only with authorized parties.
Secure Your Workstations: Lock your devices when away from your desk and avoid using unfamiliar or public Wi-Fi to access sensitive information unless you are on the GlobalProtect VPN. A VPN creates a secure, encrypted connection between your device and the Internet. This makes it nearly impossible for hackers, third parties, or internet service providers to intercept or exploit our data.
Follow Encryption Practices: Use approved tools to encrypt emails and files containing protected data.
Your Responsibilities as a State Employee:
Adhere to the Statement of Compliance.
Adhere to the State’s Technical Standards and Policies.
Report abuse