On Thursday, March 16, 2019, the California Senate Appropriations Committee held in Committee SB 561, which would have greatly expanded the private right of action (i.e., the ability to bring private class actions) available under the California Consumer Privacy Act (“CCPA”). SB 561 was introduced in February by California Attorney General (“AG”) Xavier Becerra and Senator Hannah-Beth Jackson. Notably, the bill sought to amend the existing private right of action to cover all violations of the CCPA, as opposed to merely data breaches. Additionally, the bill would have discontinued the 30-day cure period, whereby businesses were immunized from penalization by the AG to the extent they were able to cure an alleged violation within 30-days’ notice thereof, and would have eliminated businesses’ and third parties’ entitlement to seek interpretive guidance regarding compliance from the AG (and instead would authorize the AG to publish general guidance).
As companies were getting up-to-speed on the effects of the European Union’s General Data Protection Regulation (GDPR) last year, California quickly enacted its own privacy law, the California Consumer Privacy Act (“CCPA” or “Act”) last June. We address below the high risk associated with the CCPA and its interaction with regulations in key U.S. industries. The fast-passed legislation was designed to avoid a November 2018 ballot initiative on the subject, and was plagued by errors and ambiguities that require robust clarification. The Act’s take-away, however, was abundantly clear – California consumers have a right to know what personal data companies are collecting and are empowered to bring a private right of action for a data breach (and even potentially for other violations of the Act).
By: Joseph Lynyak, Robert Cattanach, and Sam Bolstad 1. Introduction On June 28, 2018, the California Legislature unanimously passed, and the Governor immediately signed, a sweeping expansion of data privacy protections for residents of California.1 Assembly Bill No. 375, entitled the “California Consumer Privacy Act of 2018” (the “CCPA”), goes far beyond current U.S. privacy protections,… Read More
Financial institutions that are grappling with how the European Union’s General Data Protection Regulation (“GDPR”)may impact their U.S. operations should also be keeping a close eye on the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA, or Assembly Bill (“AB”) No. 375, which was passed on June 28, 2018 and is set to take effect in 2020, mirrors some GDPR protections by providing California residents greater control over the dissemination of their personal data, including the option of barring companies from selling their data.
Back in 1972, California voters added privacy to the state constitution’s list of inalienable rights. On June 28, 2018, the California Legislature enacted and Governor Brown signed the California Consumer Privacy Act of 2018. The new Privacy Law creates one of the most comprehensive frameworks for regulating digital privacy in the United States.