The statute becomes effective January 1, covering most entities doing business in California, just months after enforcement began for Europe’s General Data Protection Regulation, which affects many US online operations.
The new law stems from a widespread effort to rein in practices over handling on online consumer data after years of breaches and abuses that have made headlines.
For much of the year, the US Congress debated efforts to draft a national privacy law that would avoid multiple standards but failed to come up with a bill before the clock ran out for 2019.