After federal bureaucrats burked the national net neutrality rule, California lawmakers resuscitated it, stateside. And now, Golden State legislators have green lit a bill that, if passed, would allow consumers to sue over data breaches at the rate of $1,000 per incident or for actual damages — whichever is more.
SB-1121 is nowhere near the law books, yet. Introduced by Sen. Bill Dodd, the measure now heads to the State Assembly, where legislators have till August 31st to yay or nay it. If it passes, then the governor has 30 days to sign in the law or kill it with a veto.
SB-1121: California’s Potential New — and Super Strict — Online Privacy Law
If the online privacy law does find its way into California’s law books, what would it accomplish? Here’s the bill’s brief.
Existing law requires a business to take all reasonable steps to dispose of customer records containing personal information and imposes other requirements on a business relating to the custody of customer records containing personal information. Existing law defines the term “customer” for purposes of those provisions to mean an individual who provides personal information to a business for the purpose of purchasing or leasing a product or obtaining a service from the business.
This bill would instead make those provisions applicable to consumers and consumer records, would define “consumer” for purposes of those provisions to mean a natural person, and would make other related and conforming changes.
Existing law requires a business that owns, licenses, or maintains personal information, as defined, about a California resident to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure, as specified. Existing law requires a person or business conducting business in California that owns or licenses computerized data that includes personal information to disclose a breach in the security of the data to a resident of California whose encrypted or unencrypted personal information was, or is reasonably believed to have been, acquired by an authorized person, as specified. Existing law allows a customer injured by a violation of those provisions to institute a civil action to recover damages and authorizes a court to enjoin a business that violates those provisions.
Connect With An Internet Law Attorney
HT Law helps startups, businesses, and entrepreneurs with everything from website terms of service agreements and SAAS contracts to digital intellectual property protection and online privacy governance.
Located in Los Angeles, we work with clients all over the state and across the country. Give us a call today. The first consultation is on us.Contact An Online Privacy Law Attorney ❯