On the eve of the November ballot deadline, the California legislature passed a landmark privacy bill: AB 375, the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA was introduced and enacted into law within a week. The accelerated time frame was partially an effort to compromise with a sponsor of a November ballot initiative that would have also proposed significant privacy protections for California consumers. Hours before the June 28th ballot deadline, Gov. Jerry Brown signed the CCPA into law and the ballot initiative was withdrawn.
Interestingly, we understand that the CCPA is quite similar to the ballot initiative it replaced. The CCPA also shares similarities with Europe’s General Data Protection Regulation (GDPR), which took effect on May 2018. The CCPA has an effective date of January 1, 2020. However, it is likely the new law will be revised and amended over the next 18 months or so.
Given California’s reputation as a leader in the privacy space, we could see other states use this legislation as a blueprint. The CCPA may have a national impact, encouraging other states to enact privacy laws.
EPIC’s Cyber Practice Team is evaluating the CCPA to determine the impact the new legislation may have on insurance coverage. We will be closely watching for revisions to the CCPA in the coming months as well as for similar legislation that may be introduced in other states.