It has always been a “happy incident” of our federal system that a “courageous State” may “try novel social and economic experiments without risk to the rest of the country.” See New State Ice Co. v. Liebmann, 285 U.S. 262, 311 (1932) (Brandeis, J. dissenting). In relation to data protection laws, however, this has led to an unintended and potentially unworkable level of complexity on the national level. This complexity first arose in relation to data breach notification statutes, which began in California in 2002 and soon spread to all 50 states, albeit with wide variations in terminology and scope.

In relation to data privacy, California is again leading the way with the California Consumer Privacy Act (CCPA), passed in 2018 and effective as of Jan. 1, 2020. Long gone are the days, however, where experimentation in the arena of data protection is “without risk to the rest of the country.” Indeed, as the world’s fifth largest economy and nexus for much of the world’s commercial online activity, California has global weight when it comes to regulating how organizations process personal data. This weight was underscored recently with the release of proposed regulations under CCPA, which remain under comment until Dec. 6, 2019.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]