Most privacy professionals thought it may take months, if not years, for US privacy laws to catch up to the EU but it looks like California decided to push up the timeline. Last month, the California Consumer Privacy Act of 2018 was passed by California legislature, expanding the definition of personal data and including more rights for California residents. The act includes a new scope to accompany the new requirements, applying to businesses meeting one or more specified criterion, whether they are located in the state of California or elsewhere. The IAPP has estimated that the new act will impact more than 500,000 businesses across the United States. You can read more about the study to determine the number of impacted businesses here.
The California Consumer Privacy Act of 2018 sets the stage for other states in the US by revamping the definitions of a consumer, a business and personal data. California has introduced a new direction for US privacy law – one that more closely mirrors the latest General Data Protection Regulation passed in the EU. Some of the rights granted to consumers include rights similar to the now-familiar right to access and the right to erasure provided under the GDPR. It is important to note that the California Consumer Privacy Act of 2018 is not set to go into effect until January 2020. Hopefully this timeframe will prove valuable to businesses not already adhering to GDPR requirements, allowing them to prepare their employees and processes for the necessary changes.
To read more about the California Consumer Privacy Act of 2018 and how it may impact your business, we have included some additional resources below:
- IAPP - California passes landmark privacy legislation
- Forbes - What You Should Know About The New California Consumer Privacy Law
- California Privacy Website
- California Consumer Privacy Act of 2018 (AB 375)
Please feel free to reach out to Schellman’s Privacy Team with any questions regarding!
About the Author
Chris Lippert is a Privacy Technical Lead and Manager at Schellman based out of Atlanta, GA. With more than five years of experience in information assurance, Chris has a concentration in privacy-related engagements. He is an active member of the Information Systems Audit and Control Association (ISACA) and International Association of Privacy Professionals (IAPP) and advocates for privacy by design and the adequate protection of personal data in today's business world.More Content by Chris Lippert