The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

California Consumer Privacy Act Amendment Blocked by Lawmakers

by Chris Brook on Monday May 20, 2019

Contact Us
Free Demo
Chat

SB 561, a contested amendment to the California Consumer Privacy Act that could have expanded the right of consumers to sue companies over their handling of personal data, has been shelved by the state for now, likely giving businesses a sigh a relief.

Despite passing the Senate Judiciary Committee in April, Senate Bill 561, a controversial amendment to the California Consumer Privacy Act, has been iced by the state's Senate Appropriations Committee.

The consumer-friendly bill, SB-561, would have reconfigured enforcement provisions under the California Consumer Privacy Act and allowed a private right of action for all CCPA violations, not just those resulting from a data breach as the legislation currently outlines.

California’s Senate Appropriations committee voted last Thursday, the deadline for the state’s fiscal committees to hear and report on bills introduced in their house, to hold the bill, effectively signaling that it won’t pass in the Senate this session.

The bill was one of many looking to amend the CCPA before it goes into effect in 2020 making their way through the California legislative committees.

Despite its expeditious death, it appeared the bill was on the fast track to becoming law; it was quickly passed 6-2 by the California Senate Judiciary Committee just six weeks ago. It was heard four weeks ago by the same California Senate Appropriations Committee but there was no testimony. Instead it was placed by a vote of 6-0 in the committee's Suspense File, something that allows bills to be re-evaluated closer to the end of the term.

SB 561, introduced by Sen. Hannah-Beth Jackson in in February and backed by California's own Attorney General, Xavier Becerra, would have also done away with the CCPA's 30-day safe-harbor provision, a grace period that could have allowed companies to cure a violation before enforcement can set in. The amendment also would have relieved the Attorney General's office from providing guidance to businesses on how to comply with the CCPA.

When it comes to taking companies to court to enforce the CCPA, without SB 561, the onus will fall on the state of California. It remains to be seen how this will bode for consumers in wake of Becerra's admission last week that his office may not have enough staff to enforce the law when it goes into effect.

The bill was controversial and viewed by many prognosticators as a longshot from the get go. It would have put companies that process the personal information of consumers under a microscope and likely even more vigilant of an increase in individual and class action litigation.

Needless to say, the tech industry is viewing the blocking of the amendment as a win. Many businesses, including several Silicon Valley behemoths Facebook, Google and Amazon, were worried it would lead to an influx in lawsuits.

"The truth of the matter is the tech world is such a behemoth at this point in time, they have so much money, they have really been driving this whole discussion,” Jackson, the bill’s author, told the Associated Press last week.

Just because the amendment didn’t pass doesn’t mean businesses should halt their preparations around the CCPA however.

When the law goes into effect, the Attorney General’s office will still have the ability to seek $2,500 per “violation” and $7,500 per each intentional violation to disclose data collection or selling of data without permission, numbers that could certainly add up over time.

Tags: Privacy, Data Privacy

RECOMMENDED RESOURCES


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Find out why Digital Guardian has been named a “Leader” for 5 years in a row
  • Gartner’s yearly analysis of DLP vendors
  • DLP use cases and technology requirements

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.