When it comes to consumer data privacy, California leads the country in legislative action. As continued evidence of this, earlier this year, lawmakers introduced two bills designed to strengthen data privacy protections for California State consumers. Below, we discuss the California data privacy bills and the potential implications for companies that process Californians’ data.
What Do The California Data Privacy Bills Do?
Assembly Bill 1542 (“AB 1542”) seeks to amend the California Consumer Privacy Act (“CCPA”) to prohibit businesses, service providers, and contractors from selling or sharing certain data of California consumers. Specifically, the bill aims to ban businesses from selling or sharing “sensitive personal information” with third parties. As defined under the CCPA, “sensitive personal information” includes, among other things: (1) social security, driver’s license, state identification card, or passport number; (2) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (3) precise geolocation; and (4) racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership. In support of AB 1542, the bill’s sponsor stated that “data privacy must remain a priority for this Legislature. It is imperative that California take a lot of bold action.”
Similar to AB 1542, Senate Bill 1106 would amend California’s Delete Act to require data brokers to process Californians’ data deletion requests within 30 days instead of 45 days, which is the current timeframe under the law. Our readers may recall that the Delete Act, which is enforced by the California Privacy Protection Agency (“CPPA”), established a centralized mechanism for California consumers to submit data deletion requests. In addition to shortening the timeframe for processing Californians’ data deletion requests, the bill also would shorten the frequency with which require data brokers are required to access the data deletion mechanism from 45 days to every 30 days.
California Data Privacy Compliance Requires The Guidance of Knowledgeable Attorneys
While it remains unclear whether these two bills will be signed into law, it is important to note that the CPPA voted in support of the bills. Consequently, companies that collect the data of California consumers should prepare as if the bills will become law in the near future.
The attorneys at Klein Moynihan Turco (“KMT”) have decades of experience with assisting companies in navigating state and federal data privacy laws. In addition, KMT has successfully defended countless companies in consumer data privacy lawsuits and state and federal regulatory proceedings. If you need assistance with updating your consumer data collection and use practices, or if you are the subject of a data privacy regulatory action, email us at info@kleinmoynihan.com or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice nor is it a substitute for seeking legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Attorney Advertising
Photo by Tina Chelidze on Unsplash
Similar Blog Posts:
California’s Strikethrough Price Law Takes Center Stage
