Does the New California Security Act Apply to Your Business?

Matt Slakoff, CIC, CRIS
Businesses face many risks.  Changes in laws and increases in liability need to be understood to ensure compliance.

There is a new strict law, effective January 1, 2020, that may apply to your company if it meets the following criteria:

  • Gross revenue above $25 million
  • Annually purchases (alone or in combination) personal information of at least 50,000 consumers
  • Derives 50% or more of its annual revenue from selling personal information

California SB 561 is a sweeping new law that leaves little room for interpretation.  The intent of the legislation is to bring clarity to the California Consumer Privacy Act (CCPA).

This Bill proposes three amendments to the CCPA.

  1. Any violation of any provision of this act would allow a consumer to seek damages directly with the offending company – This bypasses the step of the Attorney General being the primary party responsible for enforcement. This could lead to more lawsuits aimed at businesses.
  2. A “Right to Cure” provision will be removed which would have allowed a business the opportunity to remedy an alleged violation of the law with a 30-day notice.
  3. A provision is removed that allows

Links to Information on the CCPA:

https://www.irmi.com/articles/expert-commentary/a-summary-of-ccpa-of-2018

A comprehensive risk management assessment including the evaluation of cyber liability can help ensure your company’s continuity in the event of an incident that breaches these new laws.