California Consumer Privacy Act 2018

California AB 375

Major changes are happening for California’s data privacy landscape.  Two significant pieces of legislation are aimed at furthering protections for consumers and providing stricter regulations for organizations that collect California residents’ personal information.  The changes are shining a light on the increasing importance of establishing protocols for cybersecurity and secure data destruction.

California Privacy Act AB-375 and Data Destruction

On June 28, 2018, Governor Jerry Brown signed AB-375 into law as the California Consumer Privacy Act of 2018 – making the state a national leader for issues of consumer privacy and data security.  The new law aims to create greater transparency for consumers about what information is being collected, how it is being used, and whether it is being sold.

It also requires organizations that collect consumer information to delete all of the data upon request by the consumer and to implement reasonable protocols for protecting the data it stores.  If a breach occurs, whether through digital hacking or improper disposal measures, companies must notify California consumers, and consumers would then have legal precedence to sue companies over those breaches for amounts of $100 to $750 or for monetary damages.

The California Consumer Privacy Act becomes effective in 2020, giving businesses time to establish compliant systems and processes.

SB-1121: Personal Information

Senate Bill 1121 was introduced on February 13, 2018 by Senator Bill Dodd.  It passed the Senate in May and now sits with the State Assembly, where it must pass or fail by August 31.  Among the ground-breaking changes that SB-1121 proposes, it would empower “consumers” to take action against companies for data breaches, as opposed to previous legislation that protected “customers.”

Regardless of a consumer’s ability to prove monetary damages that resulted from a breach, SB-1121 could allow people to sue companies for $1,000 per data breach (or for monetary damages – whichever sum is greater).

How California’s Changing Privacy Laws Impact Businesses 

While some organizations fear that the new legislation will place an unreasonable burden on businesses, others recognize the great opportunity to provide a safer experience for their customers.

In addition to establishing cybersecurity solutions to protect consumers’ information, California businesses should also be looking into the best options for secure data destruction.  After all, as consumers request their information to be deleted from your systems, it’s essential to ensure that you’re actually complying.  Deleting data isn’t as simple as putting files in the trash, and you remain liable for data that remains on your hard drives long after equipment is disconnected from the network.

At E-Waste Security, we help businesses in California and Nevada mitigate their liability and maintain compliance by offering certified and secure hard drive sanitation and destruction services.