Others should boost their security controls to get in sync with AB 375… or get ready to be sued hundreds of dollars for each personal record exposed in a breach.
California’s newly enacted Consumer Privacy Act should have little impact for US organizations that have already implemented measures for complying with the requirements of the European Union’s General Data Protection Regulation. But for most others, the mandate will likely necessitate a thorough review of their data security controls and in many cases potential updates to them. If not, they risk expensive litigation from their own customers.
California governor Jerry Brown June 28 signed into law, AB 375, the California Consumer Privacy Act (CCPA) of 2018. The statute – widely seen as one of the toughest privacy laws in the country – will give consumers in the state unprecedented control over any personal information about them that a company might have collected.