Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

California Privacy Act Unanimously Approved

California lawmakers unanimously passed a consumer privacy bill that will dramatically change how businesses handle data. The bill, signed by Gov. Jerry Brown, grants Californians the power to hold companies accountable for abuse of their data.

Prior to the bill’s approval, tech companies and privacy rights advocates engaged in tense negotiations and landed on a “watered-down version of a more expansive initiative proposed by Alastair Mactaggart, a San Francisco real estate developer who spent more than $3 million on his campaign to qualify the measure for the ballot," the Sacramento Bee reported. The governor’s signature confirmed the unanimous approval, effectively removing the measure from ballot.

The California Consumer Privacy Act, Assembly Bill 375, allows members of the public to request that a company delete their personal information. The bill also requires that those businesses selling consumers’ information disclose the category of information they collect and that they gain opt-in consent in order to sell the data of anyone under 16.

In the event of an unauthorized breach of non-encrypted personal information, consumers can now sue companies for up to $750, a caveat criticized by Sen. Jim Neilson who still voted for the bill but expressed concerns over lawyers filing frivolous lawsuits.

Since the GDPR went into full effect, many have been expecting legislation of this kind to gain traction among consumers in the US. “Other states like New York and Massachusetts will likely follow suit and draft their own citizen-friendly data rights laws. Many individual states will not sit on their hands waiting for a federal initiative that may never come,” said Absolute’s global security strategist, Richard Henderson.

“Companies will likely have to follow the most restrictive rules and guidelines going forward. For most companies, it will be far too encumbering for them to build out systems for each unique set of guidelines as they come into being. Much like GDPR, the time for businesses to act is sooner rather than later. There are plenty of Attorneys General who will not hesitate to go after companies who thumb their noses at these rules.”

What’s Hot on Infosecurity Magazine?