California Passes GDPR-Lite: Strictest Privacy Law in United States

[MrFredPFL]

Story : https://www.jdsupra.com/legalnews/california-passes-gdpr-lite-strictest-38938/

California recently, and quickly, passed the strictest data privacy law in the land: the California Consumer Privacy Act of 2018 (AB-375). Businesses now have less than 18 months to reassess their consumer privacy policies and practices. The hastily passed piece of legislation – which went from bill to law in just one week – brings certain key aspects of the European Union’s complex General Data Protection Regulation (GDPR) stateside, including a broad definition of personal information; transparent disclosures about how personal information is collected, used, disclosed, and sold; subject access requests; the right to be forgotten; and data portability. While the new law does not take effect until January 1, 2020, businesses should take heed from the critical lesson of the GDPR that preparations should start early.

Those doing business in California should carefully review the new law, be on the lookout for any amendments made before the effective date, and start investing in compliance, which includes preparing new privacy disclosures, and instituting policies and procedures for complying with consumer requests for information.

Below is a summary of key components of the law. Though it is important to review the law in its entirety along with any revisions made between now and January 1, 2020.

Who does the law apply to?

The law essentially applies to any for-profit legal entity that (1) collects consumers’ personal information, (2) does business in California, and (3) meets at least one of the following criteria: