California Enacts the ‘First Truly Sweeping Privacy Regime’ in Record Time

July 5th, 2018|Categories: HB Risk Notes|Tags: , , |

The California legislature -- apparently not wanting to be pegged as just another slow-moving governing body -- took the California Consumer Privacy Act of 2018 from proposal to passage to signing in one week. Critics weren't sitting on their hands either. "Businesses Blast California’s New Data-Privacy Law," read one headline in the Wall Street Journal. For consumers, Californians anyway, the good news is that they can refuse to allow companies to sell their personal data. But, the WSJ reported, business across the country say the law will cause "far-reaching damage to everything from retailers’ customer-loyalty programs to data gathering by Silicon Valley tech giants." Law firms are cranking out their advisories and analyses. Sullivan & Cromwell says the CCPA establishes a new privacy framework for covered businesses by: "Creating an expanded definition of personal information for purposes of the Act; "Creating new data privacy rights for California consumers, including rights to know, access, have deleted and opt out of the sale of their personal information; "Imposing special rules for the collection of consumer data from minors; and "Creating a new and potentially severe statutory damages framework for violations of the Act and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches." The firm also offered a quick comparison between the CCPA and the GDPR.  "At a high [...]