Faced with a strict ballot initiative that was likely to earn a spot on the state’s November ballot, California’s legislature passed the toughest consumer privacy provisions in the US; Colorado passes consumer data security law.
California. Faced with a strict ballot initiative that was likely to earn a spot on the state’s November ballot, California’s legislature passed the toughest consumer privacy provisions in the US, which will go into effect Jan. 1, 2020. The California Consumer Privacy Act 2018, or AB 375, introduces provisions similar to Europe’s General Data Protection Regulation, or GDPR, which as of May 28 puts consumers in control of their data and places obligations on companies to protect their personal information.
The law, which protects California residents, applies to businesses in California that have revenue of more than $25 million; hold personal data of more than 50,000 people, households or devices; or that generate at least half its annual revenue through the sale of personal data.
Colorado. Colorado has enacted House Bill 18-1128, which provides protection for the personal data of Colorado residents. The new law, which becomes effective on Sept. 1, requires covered entities that maintain, own, or license “personal identifying information” of a Colorado resident to implement and maintain reasonable security procedures and practices that are “appropriate to the nature of the personal identifying information and the nature and size of the business and its operations.”
CWS Council and SIA members can read more in the second-quarter North America Legal Update, written by Fiona Coombe, Staffing Industry Analysts’ director of legal and regulatory research.