My article last week discussed proposed technical amendments to the California Consumer Privacy Act in Senate Bill 1121. The bill ran into political headwinds and was not passed until late on Friday, the last day of the California legislative session. The amendments now go to Governor Brown for signature.
During the past week four more amendments were added to the law now before Governor Brown:
- As requested by the California Attorney General, the proposed law now removes the “gatekeeping” function of the AG from the section establishing a private right of action. That section had previously required a consumer to notify the AG before bringing a private right of action and had given the AG the power to preclude the consumer from proceeding with that action.
- The lawmakers extended the HIPAA/CMIA exemption to providers of health care governed under CMIA or covered entities governed by the specified federal privacy, security, and breach notification rules established pursuant to HIPAA, to the extent the provider or covered entity maintains patient information in the same manner as medical information or protected health information.
- They also clarified that the enforcement actions of the AG are subject to civil penalties of not more than $2,500 for each violation, or $7,500 for each intentional violation. This fixed a drafting error that would have tripled penalties for a negligent violation of the CaCPA from $2,500 to $7,500.
- Finally the lawmakers deleted some remaining references to “within one year of passage of this title and as needed thereafter” in order to effectuate the delayed deadline for the AG’s regulations.
Assuming that the governor signs this set of CaCPA changes, the legislators will have eliminated some of the uncertainty about the law’s requirements. However, they deferred consideration of numerous other proposed CaCPA changes until the 2019 legislative session. Those proposals range from requests to make fundamental changes to disclosure obligations to requests for technical fixes such as a proposed change to the FCRA language and changes to prevent those planning crimes from opting out of critical watch lists and services designed to prevent unlawful activities.
Photo credit: By Makaristos [Public domain], from Wikimedia Commons
If you want to comment on this post, you need to login.