In April 2019, the California Assembly Privacy and Consumer Protection Committee rejected a proposal known commonly as the “Privacy for All Act” (AB-1760), which among other things would have provided a private right of action for all violations of the California Consumer Privacy Act (CCPA). The rejection of AB-1760 was a blow to consumer privacy advocates. A similar measure, SB-561, would also have provided a private right of action for all privacy violations. That bill has also been defeated, meaning that the CCPA’s private right of action provisions will not be expanded this year.

SB-561 would have provided consumers a private right of action to sue companies on their own behalf for any violation of the CCPA. Presently, the CCPA provides that the consumer private right of action is limited to violations of the law’s data security requirements, where those violations lead to unauthorized access and exfiltration, theft or disclosure of personal information. Additionally, SB-561 would have provided companies with a mechanism to seek the California Attorney General’s opinion on CCPA compliance. The proposed bill would also have removed the CCPA’s “cure” provision, which provides that companies have a 30-day period to cure the alleged violations of the CCPA prior to initiation of a civil lawsuit.

For procedural reasons, the California Senate Appropriations Committee’s failure to advance SB-561 means that the Bill will not advance to a vote by the California Senate or Assembly prior to the May 31, 2019 legislative deadline, effectively killing any chance the bill will advance in 2019.

As such businesses can take some comfort that the private right of action will not be expanded – at least not this year. Whether the Legislature takes the issue up again in 2020 is one of the many unknown features of this fast-evolving law.

Philip N. Yannella

yannellap@ballardspahr.com | 215.864.8180 | view full bio

As Practice Leader of Ballard Spahr’s Privacy and Data Security Group, and Practice Leader of the firm’s E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use…

yannellap@ballardspahr.com | 215.864.8180 | view full bio

As Practice Leader of Ballard Spahr’s Privacy and Data Security Group, and Practice Leader of the firm’s E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use of digital information.

Phil regularly advises clients on the Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), EU-US Privacy Shield, General Data Protection Regulation (GDPR), Defense of Trade Secrets Act, PCI-DSS, Telephone Consumer Protection Act (TCPA), New York Department of Financial Services Cybersecurity Regulations, ISO 27001 compliance, HIPAA Security Rules, and FTC enforcement activity, as well as eDiscovery issues—leveraging his experience serving as National Discovery Counsel for more than two dozen companies in nationwide litigation. He harnesses his deep knowledge of privacy, data security, and information governance laws to help multinational companies develop global information governance programs to comply with overlapping, and sometimes conflicting, laws. Phil serves on the advisory board for the ACC Foundation’s Cybersecurity Survey, the largest survey of in-house counsel on cybersecurity issues.