Yesterday Gov. Jerry Brown signed California Consumer Privacy Act of 2018, which grants California residents unprecedented control over the collection, use, and sale of personal information. Many have already speculated that other state legislatures will follow suit and adopt a similar law in their own states, as has occurred in the wake of past California laws on data privacy and security. A copy of the law can be found here.

Among other provisions, the law states that:

  • Californians have the right to request that a business that collects a consumer’s personal information disclose what categories and specific pieces of personal information the business has collected;
  • Californians have the right to request that a business delete any personal information about the consumer;
  • Californians have the right to direct a business not to sell the consumer’s personal information, which is referred to as the right to opt out; and
  • Californians can bring a private right of action against a company if there is an unauthorized breach of non-redacted or non-encrypted personal information.

As written, the definition of “Personal Information” goes beyond every existing data breach notification law in the United States to include, “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

The California Consumer Privacy Act is set to go into effect in 2020, but is subject to change after it has gone through the amendment process. The California Attorney General will also play a key role in adopting regulations to elaborate on the law, as the law requires the Attorney General to solicit “broad public participation”.

Additional analysis is forthcoming as Password Protected continues to monitor developments surrounding the law.

EmailTweetLikeLinkedInGoogle Plus
Photo of Meaghan Pedati Meaghan Pedati

Meaghan helps her clients navigate international, federal and state privacy and cybersecurity laws so that they may successfully manage risk and accomplish their business goals. Specifically, she advises clients on the New York DFS Cybersecurity Regulation, the GDPR, GLBA, and NIST. She is a member of the firm’s Data Privacy and Security industry team and serves as an editor of the Password Protected blog.

Photo of Michael J. Adams Michael J. Adams

Michael serves as chair of the Data Privacy and Security practice’s financial services and defense and government contracts teams. He is a first responder and 24/7 advisor to clients faced with data breaches and other cybersecurity incidents. In 2017, he led McGuireWoods’ response to what may have been the most complex, high-value disclosure of sensitive customer information in history on behalf of a Fortune 50 financial institution.

Photo of Andrew Konia Andrew Konia

Andrew’s practice is singularly focused on protecting clients’ businesses and data, anticipating disputes, and strengthening their competitive position in the marketplace.

Photo of Emily Voorheis Emily Voorheis

Emily counsels clients in intellectual property and marketing matters across a range of industries. She advises clients on intellectual property portfolio management, including trademark clearance, prosecution, maintenance, licensing and enforcement. Emily works closely with corporate teams on the intellectual property aspects of transactions and transactional matters, including due diligence in mergers and acquisitions and corporate financing. She also advises clients on advertising and marketing matters, including sweepstakes, contests and promotions, “green” claims, “Made in USA” claims, endorsements, disclaimers, claim substantiation and advertisement review and clearance.