June 29, 2018
Authored by: Bryan Cave and Jena Valdetero
California enacted privacy legislation yesterday that is the first of its kind in the United States and moves California law closer to the protections afforded in the European Union by the General Data Protection Regulation (GDPR). The law also creates a private right of action to pursue a lawsuit against a company arising out of a breach of personal information, which will likely give rise to a substantial increase in data breach lawsuits in California. There is a lot to unpack in this new piece of legislation, which spans 28 pages and will engender various regulations before its January 2020 effective date. The new law forestalls possibly more onerous requirements from a citizen ballot initiative.
Following is a breakdown of the new California Consumer Privacy Act of 2018.
How is this like the GDPR?
Like the GDPR, the California law defines “personal information” far more broadly than seen before in the