It Passed: The California Consumer Privacy Act of 2018

Posted: June 29, 2018

The California Consumer Privacy Act’s (CaCPA) path to legislation was a long and winding road. Beginning its life as a ballot initiative developed by a wealthy real-estate developer, the CaCPA, if passed, would have gone into effect as written with no opportunity for amendment or legislative review. This incentivized both the legislators and companies that would have been directly affected to make a deal: Put forth AB 375, which mirrors the ballot initiative with some minor changes, and if passed by midnight on Thursday, June 28, 2018, agree to drop the original ballot in its initial form.

As expected, AB 375 or what will now be known as the California Consumer Privacy Act of 2018, has passed in California. The California Consumer Privacy Act of 2018 received bipartisan support and arrived on Governor Jerry Brown’s desk for signature. The Governor signed the legislation on June 28th, 2018 at around 3 PM pacific time, well before the midnight deadline, ushering in a new age of privacy regulation in time for an early supper.

As we have previously written, this law will require companies to provide certain disclosures to consumers about what personal data is collected, the purpose for collection, and selling and sharing practices. Further, the law provides rights to consumers including the ability to opt-out of the selling of their personal data and creates an opt-in requirement for companies that wish to sell personal data of those under the age of 16.

Why did the legislators make this deal?

A few key reasons:

  1. Unlike the original ballot initiative, this is legislation can be amended before it goes into effect
  2. This legislation offers a reduction in the consumer’s ability to bring a private right of action (it still exists for breaches)
  3. It becomes effective in 2020, giving companies and legislators plenty of time to prepare
  4. It provides flexibility for companies wishing to offer consumer’s incentives for their personal data

What Should Organizations Be Doing Now to Prepare?

Companies should begin thinking about how this law applies to their business and monitor our site and well as other resources to remain aware of any changes that may occur in the next 18 months. Stay tuned to our resource center because we will be publishing additional information about how to comply with the California Consumer Privacy Act of 2018 now that it’s law and of course monitoring for any amendments to the law. As for privacy in the United States? As Bob Dylan sang, “the times they are a changin’” and companies that do not want to face serious fines and erode consumer trust must begin thinking about privacy and security in 21stcentury terms: transparency, fairness, and security.

Matt Dumiak

Author: Matt Dumiak

Matt Dumiak is Director of Privacy Services, Customer Engagement Compliance at CompliancePoint focused on U.S. and international direct marketing compliance regulations. He works with clients in a variety of industries and is dedicated to providing reliable and practical consulting services. Matt has earned a Certified Information Privacy Professional (CIPP/US) certification from the International Association of Privacy Professionals (IAPP), a Customer Engagement Compliance Professional (CECP) certification from the Professional Association for Customer Engagement (PACE), and has a B.S. in Economics from Georgia College.

Leave a Reply

Your email address will not be published. Required fields are marked *

Reduce risk, maintain a compliant posture, and protect info