eDiscovery Daily Blog

In California, Data Privacy Foresight is 2020: Data Privacy Trends

2018 is certainly on its way to becoming the year of data privacy rights for the individual.  Barely over a month after the General Data Protection Regulation (GDPR) came into effect in the European Union, California has passed a new data privacy law which will give consumers the right to obtain data collected about them, the right to request deletion of the data, and the right to direct a business not to sell the information to third parties.

As reported by the ABA Journal, ARS Technica and Ride the Lightning (among other sites), the California Consumer Privacy Act of 2018 was approved unanimously by the state Senate and Assembly on June 28 and was signed by Gov. Jerry Brown.  The law is set to take effect on January 1, 2020 (which explains my “clever” blog title)… :o)

A legislative bill summary says the law will give Californians “the right to know what PI [personal information] is being collected about them and whether their PI is being sold and to whom; the right to access their PI; the right to delete PI collected from them; the right to opt-out or opt-in to the sale of their PI, depending on age of the consumer; and the right to equal service and price, even if they exercise such rights.”

The bill requires companies to disclose personal data collected when a consumer requests it, up to two times a year, and to delete and stop selling the personal information to third parties upon request.  It also prevents businesses from selling personal information about minors to third parties, unless the parent of a minor less than 13 affirmatively authorizes the sale, or the minor between the ages of 13 and 16 opts in to the sale.

A consumer whose data is hacked is entitled to recover statutory damages of up to $750 in a civil suit when companies fail maintain reasonable security procedures. However, consumers can’t sue unless they 1) first notify the business and the state attorney general, 2) the business doesn’t correct the problem in 30 days and 3) the state attorney general does not bar the suit.  A lot of contingencies and a small damage amount, though that number could add up if several consumers are involved and sue.  Also, intentional violations can bring civil penalties of up to $7,500 per violation.

The group Californians for Consumer Privacy had sponsored a ballot initiative and had gathered roughly 625,000 signatures to get the initiative on the ballot in November, but group chair and ballot question sponsor Alastair Mactaggart agreed to pull the question if the state passed the bill by June 28, the last day in which the question could be pulled from the ballot.

Will other states follow suit?  In 2018, the year of data privacy, I wouldn’t be surprised if they do and do so quickly.

So, what do you think?  Does this law go far enough in protecting data privacy rights of Californians?  Or does it fall short?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.