Companies doing business in California have been watching to see if the state’s legislature would water down a wide-reaching data privacy statute. As the legislative session adjourned earlier this month, it might have left those companies disappointed.
The California Consumer Privacy Act, enacted last year, will give California’s 40 million residents unprecedented rights over their data that companies collect, store and use. Effective Jan. 1, Californians will require notification from many businesses on how their data is used and may request access to their personal data or even have that data deleted. The CCPA’s consumer data protections are set to be the most robust of any state and go beyond what most U.S. businesses have been prepared to comply with.
On Sept. 13, the last day of its session, the California State Legislature approved five amendments to the CCPA. Some of the amendments would make business-friendly tweaks to the data privacy law but leave the core obligations, like consumers’ right to have their data deleted on request, mostly intact.
Even as the session adjourns and the CCPA’s language is set — assuming California Gov. Gavin Newsom signs each passed amendment — the data privacy community is still waiting for the California Attorney General’s Office to issue its regulations on the CCPA.
To read the rest of this story and other complete articles featured in the Sept. 23, 2019 print edition of Law Week Colorado, copies are available for purchase online.