HeaderPrivacy

Goal & Issue Summaries

Goal

Support the establishment of a uniform national standard for data security laws while assuring that such a law addresses the hackers and identity thieves who commit such crimes — not just the data brokers and financial institutions caught up in security breaches.

Issue Summaries

California Consumer Privacy Act

Position: While the CalChamber appreciates and understands the need and desire for consumer privacy, the CCPA unfortunately has multiple flaws that undermine consumer privacy as well as employee protections. The benefit of the CCPA, as opposed to the withdrawn 2018 initiative, is that the Legislature has time to address these flaws before the entire law goes into effect.

California has the opportunity to lead the country on this issue and produce model legislation on consumer privacy that works for both consumers and businesses. CalChamber will continue to push for crucial legislative changes to fix the CCPA in 2019, and also will be involved in the Attorney General’s rulemaking process to ensure that business efforts to implement and comply with the CCPA can be as efficient and safe as possible. California Consumer Privacy Act

Privacy and Cybersecurity

Position: The California Chamber of Commerce will oppose legislation seeking to expand legal liability related to data breach notification. Additionally, CalChamber will support any legislation seeking a safe harbor from data breach liability that would limit frivolous lawsuits for data breaches and encourage companies to utilize elevated security standards.

If the goal of the CCPA’s significant liability is for businesses to have solid cybersecurity practices and systems in place, then the Legislature should incentivize such conduct. The Legislature opted for a sledgehammer but should slightly counterbalance that sledgehammer with a small carrot: an affirmative defense for companies with systems and practices that can be certified as in accordance with existing and endorsed security criteria if sued. This will appropriately focus the CCPA’s private right of action on the true bad actors and actually address the underlying issue of data security. Privacy and Cybersecurity

Major Victories

Cleaned up onerous consumer privacy law in 2018 by working with members and other affected parties to negotiate clean-up language to consumer privacy law passed in 2018, including delayed enforcement and provisions clarifying that the private right of action applies only to additional liability for businesses after a data breach (SB 1121).

Led coalition in 2017 that negotiated amendments to protect the ability of business to offer free gifts or trials while allowing consumers who signed up online to cancel online (SB 313).

Stopped onerous, duplicative mandates in 2017 on manufacturers/retailers of devices that connect to the internet (SB 327); drastic restrictions on internet providers (AB 375); and a bill that risks stunting growth of unmanned aircraft systems (SB 347).

Maintaining Balance Between Privacy, Innovation

  • Secured amendments in 2016 to remove problematic aspects of two bills (AB 83, AB 2623) and prevented passage of bills creating overly prescriptive mandates (AB 2688), interfering with businesses’ ability to interact with consumers (AB 2867), and potentially exposing proprietary information (SB 949).
  • Stopped proposals in 2016 that would have stifled drone innovation and use (SB 868, AB 2724).
  • Secured amendments in 2015 to make data breach legislation more workable for businesses (SB 570, AB 964).
  • Supported modernization of digital surveillance laws in 2015 to provide clarity to business about when and how government can gain access to electronically stored consumer information (SB 178).

Protecting Victims of Identity Theft. Backed urgency bill to authorize restitution for expenses for three years to monitor an identity theft victim’s credit report and for the costs to repair the victim’s credit (SB 208 of 2011).

Combating Costly Identity Theft. Supported enactment of a law making it easier to prosecute identity theft offenses by expanding the jurisdiction to include any place where an offense occurred (SB 226 of 2009).

Neutralizing Overly Expansive Privacy Proposals. Secured amendments in 2009 to proposals (ultimately vetoed) potentially exposing businesses to further data breaches by expanding the content of required breach notifications (SB 20) and requiring social networking sites to prohibit and prevent photos posted to a site from being copied (AB 632).

Privacy Bills

Coalitions

Staff Contact

Sarah Boot
Policy Advocate
Privacy/Technology, Telecommunications, Economic Development, Taxation