The California Data Privacy Protection Act and its Standard for New Regulations

The California Data Privacy Protection Act, which was passed in June 2018, becomes effective in early 2020. For those covered by the law, now is the time to make sure that you’ll be in compliance with the law once the effective date rolls around.  The law addresses consumer rights to their data privacy and include some of the most comprehensive data rights and regulations enacted by any U.S. state thus far. The act, also known as “AB 375”, has been compared to the European Union’s GDPR because it contains many similar provisions.  Thus, businesses that are already GDPR-compliant should be somewhat prepared for the California law. 

Under AB 375, California residents are afforded data protection rights that enforce transparency from data collection agencies, as well as being given control over the storage their personal data. This personal data can include sleeping habits, financial information, biometric data, family information, geolocation, household purchases, and more. Businesses collecting data will need to disclose to consumers their data practices in an official privacy policy, to be made clear and available on their website. 

Businesses will also be required to answer consumer requests about their data collection practices, including what kind of data is collected and how, why they’re using this information, and which third parties are on the receiving end of their collection. Individuals can also request for their personal data to be deleted. (Under the GDPR, this is known as the “right to be forgotten.”) AB 375 and its regulations will be enforced by California’s attorney general, with the option for consumers to take private action on their behalf as well. 

As similar measures continue to spread across the country and as cybersecurity evolves, it’s crucial to consider the importance of compliance with the standards set forth in AB 375 and/or the GDPR even if your business doesn’t fall within their purview.  By keeping up with the highest of security standards, exercising organized and transparent data collection, and tackling how to uphold consumer rights to data, businesses will be prepared for the increasingly higher standards in this field.  AB 375 will most likely be the first of many new regulations to come, setting a standard for other states to create their own, similar laws and regulations.  (In fact, New York state is currently considering a more sweeping, comprehensive privacy law right now.) As always, I am available to discuss how these laws and regulations may affect you and your business and to help you with the compliance issues that you face in connection with those laws and regulations.

The information presented here is for general educational purposes only. It does not constitute legal advice and does not create an attorney-client relationship.