Authors: Susan Kohn Ross and Aaron Wais
In a compromise to avoid a ballot measure, at the very last moment on the very last day, just before the stroke of midnight, on June 29, 2018, the California legislature passed and Governor Brown signed into law the California Consumer Privacy Act of 2018 (the “Act”), which takes effect on January 1, 2020. Many of its provisions are similar to the General Data Protection Regulations (“GDPR”), which took effect in Europe at the end of May, and required companies to institute new internal data privacy regimes. So, while those companies which prepared for the GDPR are well on their way to gaining compliance with this new law, there is still much to be done by them and especially those companies which were not impacted by the GDPR.
Moreover, it is not clear whether the new law is in its final form. Commentators opine that legislators may want to amend the Act prior to implementation, and by its provisions, the Attorney General (“AG”) is to solicit public participation in adopting regulations to implement the provisions of the Act.
As we wait for those regulations and any possible legislative changes and/or regulatory clarifications, there are some key provisions businesses in California, and those who do business with Californians, will want to know.
