California Proposition Would Expand Duties and Liabilities for Collecting Personal Information

On September 26, 2013, the California Secretary of State allowed proponents of a new ballot proposition to collect signatures for the “Personal Privacy Protection Act.” The Act, if approved, would radically change the privacy landscape in California by adding new provisions to the California Constitution. Most importantly, the Act (1) requires all “legal persons” that collect personal information to use “all reasonably available means to protect it from unauthorized disclosure” and (2) creates a presumption that a person is harmed whenever his or her personal information is disclosed without authorization.

The California Constitution already guarantees individuals the right to privacy, and a multitude of state and federal statutes and regulations place limits on the types of personal information that governments and private entities can disclose to others. California, in fact, provides some of the most far-reaching protections for individual privacy in the United States. The Act, however, would go much further, by expanding the definition of confidential personal information, requiring firms to take unspecified steps to protect privacy, and create a presumption of harm when confidential personal information is disclosed.

The impact of these changes cannot be overstated. Showing actual harm has been one of the single greatest hurdles to bringing a claim against a company for unauthorized disclosure of personal information; this Act would eliminate that hurdle. California’s Legislative Analyst’s Office has summed up the impact on California government: “This measure would result in unknown but potentially significant costs to state and local governments . . . Increased costs could result from (1) additional or more expensive lawsuits filed against government agencies, (2) increased workload for state courts, (3) the implementation of increased data security measures, and (4) changes to government information-sharing practices.” The impact on businesses in California would be even greater, as the burden of defending lawsuits where no harm need be proved escalates.

In short, if enacted, this Act promises to further expand an ever-growing exposure that companies have for data breaches and privacy law violations.

 

Topics:  Personally Identifiable Information, Privacy Laws

Published In: Communications & Media Updates, Constitutional Law Updates, Elections & Politics Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jeffer Mangels Butler & Mitchell LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »