A bill designed to enhance consumers’ rights under the California Consumer Privacy Act (the “CCPA”) is making its way through the California State Senate.[1] State Senator Hannah-Beth Jackson introduced Senate Bill 561 (the “Bill”) on February 22, 2019, and the Senate referred it to the Committee on Judiciary on March 7, 2019. The Bill, which has the support of the California Attorney General, does the following:
-
Allows consumers to prosecute a private right of action with respect to violations of any portion of the CCPA, such as a failure to delete consumer data as requested.[2] In its current form, the CCPA allows private rights of action only with respect to data breaches that were the result of a business’s failure to maintain reasonable security procedures or practices.
-
Eliminates the requirement that the Attorney General provide opinions to businesses. The CCPA allows “[a]ny business or third party [to] seek the opinion of the Attorney General for guidance on how to comply with the [CCPA].” The Bill replaces this language with a statement that the Attorney General “may publish . . . general guidance” on compliance with the CCPA.
-
Removes the 30 day cure period for non-compliance actions brought by the Attorney General. The CCPA currently provides that businesses are in violation of the CCPA if they fail to cure any alleged violation within 30 days of notification of the noncompliance. The Bill removes this language entirely.
California Attorney General Xavier Becerra called the Bill a “critical measure to strengthen and clarify the CCPA.”
We recommend that businesses covered by the CCPA continue to monitor this Bill, remain on the lookout for other amendments, and plan carefully to achieve compliance with the CCPA by the January 1, 2020 implementation date.
For more information on the CCPA, and our recommendations on preparing for it, visit the links below.
[1] The CCPA is codified at Cal. Civ. Code §§ 1798.100 through 1798.199.
[2] See Cal. Civ. Code § 1798.105