On February 25, California’s Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA). The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches. The amendment, known as SB-561, would expand the private right of action to cover any violation of a consumer’s rights under the CCPA. This would materially increase the risk to businesses of class action litigation from failures to comply with the privacy standards in the new law.
The amendment also removes the thirty day cure period for a business to address any alleged noncompliance before it is in violation of the CCPA. In addition, SB-561 removes the requirement that the AG issue opinions to businesses seeking the AG’s guidance on how to comply with the CCPA, instead only requiring the AG to publish general guidance.
In announcing the proposed amendment Senator Jackson states, “Our constitutional right to privacy continues to face unprecedented assault. Our locations, relationships, and interests are being tracked, bought and sold by corporate interests for their own economic gain and in order to manipulate us…SB 561 will ensure that the most significant privacy protections in the nation are robustly enforced.” Because the amendment does not address industry concerns relating to the CCPA’s scope and uncertainty around the application of certain requirements, we anticipate other efforts to amend the CCPA prior to its effective date on January 1, 2020.