California Proposition Would Expand Duties and Liabilities for Collecting Personal Information


On September 26, 2013, the California Secretary of State allowed proponents of a new ballot proposition to collect signatures for the “Personal Privacy Protection Act.” The Act, if approved, would radically change the privacy landscape in California by adding new provisions to the California Constitution. Most importantly, the Act (1) requires all “legal persons” that collect personal information to use “all reasonably available means to protect it from unauthorized disclosure” and (2) creates a presumption that a person is harmed whenever his or her personal information is disclosed without authorization.

The California Constitution already guarantees individuals the right to privacy, and a multitude of state and federal statutes and regulations place limits on the types of personal information that governments and private entities can disclose to others. California, in fact, provides some of the most far-reaching protections for individual privacy in the United States. The Act, however, would go much further, by expanding the definition of confidential personal information, requiring firms to take unspecified steps to protect privacy, and create a presumption of harm when confidential personal information is disclosed.

The impact of these changes cannot be overstated. Showing actual harm has been one of the single greatest hurdles to bringing a claim against a company for unauthorized disclosure of personal information; this Act would eliminate that hurdle. California’s Legislative Analyst’s Office has summed up the impact on California government: “This measure would result in unknown but potentially significant costs to state and local governments . . . Increased costs could result from (1) additional or more expensive lawsuits filed against government agencies, (2) increased workload for state courts, (3) the implementation of increased data security measures, and (4) changes to government information-sharing practices.” The impact on businesses in California would be even greater, as the burden of defending lawsuits where no harm need be proved escalates.

In short, if enacted, this Act promises to further expand an ever-growing exposure that companies have for data breaches and privacy law violations.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jeffer Mangels Butler & Mitchell LLP | Attorney Advertising

Written by:


Jeffer Mangels Butler & Mitchell LLP on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.