Requirements to keep data secure or response to data breachs

August 2, 2018

The New California Privacy Law—Should You Care?

More privacy.  It seems like a good thing—something like money or apple pie, where more is better.

At least that’s what the folks down the hill in Sacramento seem to think.  A couple of weeks ago the California legislators passed a new privacy law, all 16 pages of it, unanimously, with barely a fist full of absentees and no “Nays.”  The catalyst for the law was a ballot initiative on privacy scheduled for November which had been financed by a wealthy real estate investor.  The new law strikes a bargain with the investor as it takes effect on January 1, 2020 the condition that he withdraws his initiative.

At the moment there’s plenty not to like in the new law.  Its unintended consequences will hurt small and medium-sized businesses and limit effective civil and political discourse to a small number of on-line platforms.

Like the recently implemented European General Data Protection Regulation (the “GDPR”) the California law covers all personal information, regardless of whether such information is collected, sold or transferred over the internet, by video, manually, or some other fashion.  Although the law applies to only certain for-profit entrepreneurs and companies, it will, none-the-less, sharply curtail the collection, sale or transfer of personal information about California residents.  Indeed, ...