California May Pass Its Own GDPR

While companies are focusing on compliance with the EU’s General Data Protection Regulation requirements, Californians will be given the option to impose a sweeping, GDPR-like privacy regime that also deserves attention. On May 3, 2018, proponents of the California Consumer Privacy Act announced they had collected the signatures needed to qualify the act for the Nov. 6, 2018 ballot.

If approved by voters in November, the California Consumer Privacy Act would require businesses to disclose the categories of personal information they collect, sell or share about California consumers, and gives consumers a right to say “no” to the sale of their information. The act would also allow consumers to sue for violations (which include data breaches resulting from failure to maintain “reasonable security procedures and practices”) without suffering any loss of money or property, and would impose stiff penalties for noncompliance.

Please see our full article as published on Law360.