On June 28, California’s Governor Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375), a broad privacy law modeled after the new European General Data Protection Regulation. The new law, which is now the broadest privacy law in the U.S., will go into effect on January 1, 2020. Under the law, businesses that collect personal information from consumers will be required to comply with consumers’ requests to access, share, cease selling or delete the information.
The law applies to businesses that do business in California (or control or are controlled by a business doing business in California) and either have over $25 million in revenue, receive the personal information of 50,000 or more consumers or devices, or derive 50 percent or more annual revenues from selling consumers’ personal information. The law does not apply to protected health information that is governed by HIPAA. The law directs the California Attorney General to solicit public comments and promulgate regulations implementing the law’s regulatory and enforcement framework before January 1, 2020. The text of the AB 375 is available here.
