Volume 15, Issue 3
FALL/WINTER 2018
Security Shredding News Serving the Security Shredding & Records Storage Markets
Visit us online at www.SecurityShreddingNews.com
“While this law (AB 375) just covers California currently, large companies will soon have to offer similar rights to all Americans.”
Sweeping California Privacy Law Could Spark Federal Legislation By P.J. Heller
T
he California Consumer Privacy Act, a sweeping new privacy law signed into law earlier this year by Gov. Jerry Brown, could prompt similar legislation by other states or move Congress to enact a tough nationwide consumer online privacy policy. California‘s Assembly Bill 375, described as the most stringent in the nation, is scheduled to go into effect in 2020. In the meantime, amendments are expected (a so-called “cleanup” bill has already passed) and companies worldwide that meet certain requirements and that collect, use, disclose or receive personal information of California residents will be working to come into compliance. The California bill was unanimously passed in the wake of major data breaches, including the Cambridge Analytica case that involved improper data collection from tens of millions of Facebook users and the Equifax breach that compromised the identity of more than 140 million people. AB 375 was approved shortly after passage of the European Union’s General Data Protection Regulation (GDPR) that gives individuals control over their personal data. Both measures share some general features but concerns have been raised about how companies will meet the different compliance regulations and address varying privacy laws from state to state. Rather than have the privacy measure put to California voters in a November 2018 ballot initiative, legislators scrambled to pass the state law in June to give consumers more control over how companies collect and manage their personal information. It includes provisions that
allow consumers to see the actual data collected, the right to have that data deleted and the ability to opt out of having the information sold. AB 375 “puts the focus on giving choice back to the consumer, a choice which is sorely needed,” said Alastair Mactaggart, chair of Californians for Consumer Privacy which led the privacy effort. James P. Steyer, chief executive officer and founder of Common Sense Media, a major supporter of the measure, called passage of the bill a “huge win.” “The personal information and private data of Americans are routinely collected and used without our knowledge, and our well-being, as well as the health of our democracy, have suffered as a result,” he said. “This is the right first step toward ensuring that Americans have strong data privacy protections. “The state that pioneered the tech revolution is now, rightly, a pioneer in consumer privacy safeguards, and we expect many additional states to follow suit,” Steyer added. He said AB 375 gives consumer privacy advocates a “blueprint for success.” “We look forward to working together with lawmakers across the nation to ensure robust data privacy protections for all Americans,” Steyer said. Not everyone was enamored with the California legislation. Nicole Ozer, technology and civil liberties director for the ACLU of California, said the measure “utterly fails to provide the privacy protections the public has demanded and deserves. Nobody should be fooled to think AB 375 properly protects Californians’ privacy. “This measure was hastily drafted and needs
to be fixed,” Ozer said. “When that happens next year, effective privacy protections must be included that actually protect against rampant misuse of personal information, make sure that companies cannot retaliate against Californians who exercise their privacy rights, and ensure that Californians can actually enforce their personal privacy rights.” Robert Callahan, vice president of state government affairs for the Internet Association, also criticized the measure. “It is critical going forward that policymakers work to correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike,” Callahan said. Others are looking to Congress to pass privacy legislation rather than having a possible hodgepodge of state regulations. “While this law (AB 375) just covers California currently, large companies will soon have to offer similar rights to all Americans,” said Mactaggart, the chief proponent of the California Consumer Privacy Act. “How on earth are they going to tell a New Yorker or a Texan that what’s good for a California consumer is out of reach for another state’s residents? It’s time for these companies to provide transparency and choice to all consumers, and if Congress is considering a national law, then California’s must be the minimum standard.” Thomas C. Donahue, president and chief executive officer of the U.S. Chamber of Commerce, said his organization is working on a legislative proposal for Congress “to prevent a patchwork of state rules that would pose a nightmare for businesses that operate across Continued on page 3