California Privacy Ballot Measure Means New Compliance Hurdles

Privacy Partner Ashley Shively was quoted in a Bloomberg Law article discussing the establishment of California's new privacy regulatory body with the passage of Proposition 24. The new agency means a fresh set of regulatory headaches for tech companies and other businesses operating in California that are already grappling with the state’s landmark 2018 law. The ballot initiative also eliminates a 30-day “cure period” that existed under the California Consumer Privacy Act. That window gave businesses the leeway to confer with the attorney general and remedy any poor data practices before an enforcement action.

The lack of the cure period “heightens the legal risk around compliance,” said Ms. Shively. “An action could be filed without any warning.” The new agency will also issue regulations requiring risk assessments for businesses whose processing of consumer data “presents significant risk” to their privacy or security.

READ: California Privacy Ballot Measure Means New Compliance Hurdles