In September 2018, just three months after the California Consumer Privacy Act was introduced, California’s Governor Jerry Brown signed SB 1121 into law. SB 1121 amends the CCPA which was passed in June this year. SB 1121 leaves the Act mostly intact, but it brings clarity to certain aspects of the CCPA.

The CCPA is not due to become law until January 1, 2020. But SB 1121 states that the California Attorney General can not enforce the Act until six months after publishing regulations pursuant to the Act, or July 1, 2020, whichever is sooner. The probable extension to the enforcement date should give organizations more time to make sure they comply with the Act.

Private Right of Action
SB 1121 clarifies that the only consumer private right of action permitted under the Act is for data breaches. Additionally, SB 1121 removes both the requirement that; a consumer bringing a private right of action notify the California Attorney General, and the Attorney General’s ability to prohibit a consumer private right of action.

SB 1121 still prohibits consumers from initiating an action against a business within 30 days after they have notified that business of any violations they have detected.

Consumers Right to Deletion
The CCPA previously required that a consumer’s right to deletion of personal information be disclosed in businesses’ online policies. SB 1121 modified this requirement by allowing businesses the flexibility to disclose the right to deletion in a form accessible to consumers.

Penalties
SB 1121 differentiates between penalties for intentional violations of the Act and non-intentional violations of the Act. Each intentional violation will receive a penalty of up to $7,500 for each record, while non-intentional violations involve a fine of up to $2,500 per record. This could mean severely punitive fines for violations involving for example, 100,000 records.

You do the math.

Sources: Forbes, Washington Post

Contact the author
Peter Borner
Executive Chairman and Chief Trust Officer

As Co-founder, Executive Chairman and Chief Trust Officer of The Data Privacy Group, Peter Borner leverages over 30 years of expertise to drive revenue for organisations by prioritising trust. Peter shapes tailored strategies to help businesses reap the rewards of increased customer loyalty, improved reputation, and, ultimately, higher revenue. His approach provides clients with ongoing peace of mind, solidifying their foundation in the realm of digital trust.

Specialises in: Privacy & Data Governance

Peter Borner
Executive Chairman and Chief Trust Officer

As Co-founder, Executive Chairman and Chief Trust Officer of The Data Privacy Group, Peter Borner leverages over 30 years of expertise to drive revenue for organisations by prioritising trust. Peter shapes tailored strategies to help businesses reap the rewards of increased customer loyalty, improved reputation, and, ultimately, higher revenue. His approach provides clients with ongoing peace of mind, solidifying their foundation in the realm of digital trust.

Specialises in: Privacy & Data Governance

Contact Our Team Today
Your confidential, no obligation discussion awaits.