June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation. California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits. Yesterday, both houses of the legislature passed – and Governor Brown signed into law – the California Consumer Privacy Act of 2018.
Earlier we wrote about the effort to pass the California Privacy Ballot Initiative No. 17-0039 (the “Ballot Initiative”) that would be put forth on the November 6th, 2018 ballot. The Ballot Initiative would give consumers broad rights regarding their personal information, including being able to learn who their personal information is being disclosed or sold to, preventing businesses from discriminating against consumers who exercise their rights under the act including opting out of the sale of their personal information. Further, the Ballot Initiative would have given a private right of action to consumers to sue businesses where the business experienced a security breach and failed to implement reasonable security procedures, with statutory damages of $1,000, which would increase to $3,000 for willful violations.