Bryan Cave Leighton Paisner Retail Blog

Retail Law

Other Posts

Main Content

California Passes Amendments to Consumer Privacy Act

California Governor Brown recently signed into law SB 1121, which amends the California Consumer Privacy Act of 2018 to provide much-needed relief to retailers and other businesses that collect consumer information. The amendments take effect immediately.

The California Retailers Association (CRA) worked successfully with other business leaders as part of the Privacy Coalition to secure passage and signature of SB 1121, and will continue to work on a more comprehensive clean-up bill in 2019.

As we previously reported, the Act grants consumers various rights with regard to their personal information held by businesses, including:

  • The right to request that a business provide it with specific information the business has collected about them, including categories of information sold, and third parties to whom information is sold.
  • The right to request deletion of personal information the business has collected about the consumer. The business must comply unless one

California Enacts Sweeping Privacy Legislation Concerning Consumers’ Personal Information

California enacted privacy legislation yesterday that is the first of its kind in the United States and moves California law closer to the protections afforded in the European Union by the General Data Protection Regulation (GDPR).  The law also creates a private right of action to pursue a lawsuit against a company arising out of a breach of personal information, which will likely give rise to a substantial increase in data breach lawsuits in California. There is a lot to unpack in this new piece of legislation, which spans 28 pages and will engender various regulations before its January 2020 effective date.  The new law forestalls possibly more onerous requirements from a citizen ballot initiative.

Following is a breakdown of the new California Consumer Privacy Act of 2018.

How is this like the GDPR?

Like the GDPR, the California law defines “personal information” far more broadly than seen before in the

Data Breach Litigation Report: An Analysis of Federal Class Action Lawsuits Involving Data Security Breaches

Data security breaches – and data security breach litigation – dominated the headlines in 2015 and continue to do so in 2016.  While data breach litigation is an important topic for the general public, and remains one of the top concerns of general counsel, CEOs, and boards alike, there remains a great deal of misinformation reported by the media, the legal press, and law firms. At best this is due to a lack of knowledge and understanding concerning data breach litigation; at worst some reports border on sensationalism or fearmongering.

Bryan Cave LLP began its survey of data breach class action litigation four years ago to rectify the information gap and to provide clients, as well as the broader legal, forensic, insurance, and security communities, with reliable and accurate information concerning data breach litigation risk.  The 2016 report covers litigation initiated over a 15 month period from the fourth quarter

The attorneys of Bryan Cave LLP make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.