Up against a deadline for the introduction of legislation in the 2019 California state legislative session, numerous pieces of legislation were proposed last week to amend the California Consumer Privacy Act (CCPA), including a draft bill supported by the state attorney general that would allow consumers to bring private lawsuits for any violations of their privacy rights. SB 561 would authorize a consumer lawsuit "any time rights under [the CCPA] are violated," with statutory damages of $100-$750 per violation. The consumer would have to provide a business with notice and 30 days to cure the violation prior to bringing the lawsuit.

And, California is not the only state actively considering privacy legislation at the moment; in addition to consumer privacy reforms on the table in 11 other states, state lawmakers have been active in pushing legislation to amend data breach notification statutes, regulate data brokers, restrict the collection and use of biometric information, and set new obligations for collecting and sharing data belonging to minors.

Further analysis regarding this broad array of proposed state privacy legislation, the effort to implement consumer privacy reforms in California, and upcoming federal hearings on consumer data privacy are available in the February issue of the Privacy Oracle. The Oracle is a monthly, subscription-based newsletter that consolidates significant U.S. legislative and regulatory developments at the federal and state levels into a single publication. For information on subscription pricing, please contact Nancy Libin or Rachel Marmor.