California Consumer Privacy Act: users can claim damages

Discussion in 'Site Security & Legal Issues' started by Alfa1, Jun 13, 2018.

  1. Alfa1

    Alfa1 Moderator

    California is the first US state that seems to be heading for a GDPR-like amendment of its privacy laws.
    Most of the CCPA is similar to the GDPR and contains all the major elements. But it also enables consumers to claim damages for each violation. Here is the summary:

    Gives consumers right to learn categories of personal information that businesses collect, sell, or disclose about them, and to whom information is sold or disclosed. Gives consumers right to prevent businesses from selling or disclosing their personal information. Prohibits businesses from discriminating against consumers who exercise these rights.

    Allows consumers to sue businesses for security breaches of consumers’ data, even if consumers cannot prove injury. Allows for enforcement by consumers, whistleblowers, or public agencies. Imposes civil penalties.
    Applies to online and brick-and-mortar businesses that meet specific criteria.

    Yes, you have read that right: your forum users will be able to claim damages from you if you breach the CCPA.

    The proposal has more than enough signatures to get on the ballot, although the final decision won’t be made until June 25. If it does make it on, which is highly likely, the initiative could be voted into law during the general election in November.

    Google has previously opposed the proposal but has given up: https://www.privacyandsecuritymatters.com/tag/california-consumer-privacy-act/

    More here: https://ballotpedia.org/California_...rmation_Disclosure_and_Sale_Initiative_(2018)
     
  2. Paul M

    Paul M Dr Pepper Addict

    So are all the US sites that say they are just going to block EU users because of GDPR also going to block Californian users?
     
  3. Nev_Dull

    Nev_Dull Anachronism

    Although I just skimmed the proposal, I think most forums should be fine, as it seems to be aimed solely at businesses. Only those who run their forums as a business entity, or as part of another business, will have to be concerned. But it is a wake-up call for those thinking GDPR is just a problem for the Euro-Trash Socialists.
     
  4. Tracy Perry

    Tracy Perry Opinionated asshat

    Pretty sure that law will be specific to sites hosted or doing business in California. They have plenty of other laws that are specific to them that the rest of the nation does not have.
    That's why you hear of 49 state compliant cars. The 1 state they aren't compliant in is... you guessed it... California.... which is frequently referred to as Kalifornia.... which should give you an idea of the attitude of the "mainlanders" towards that wayward state.
    That state is also having issues with an increased exodus of businesses and residents.

    What's a bad day... someone from California moving into your neighborhood.
    What's a fantastic day.... when they move out of your neighborhood.
    :ROFLMAO:
     
    Last edited: Jun 14, 2018
  5. mysiteguy

    mysiteguy Devotee

    It also depends on the size of the business (or its customer base).

    Likewise, past Internet laws in California have not impacted other states to the extent GDPR attempts to cross lines of sovereignty, because it cannot. I know very few (i.e., none) sites that I deal with as clients or non-mega corp sites I visit which are located outside of California who pay any attention to their state-specific laws.

    I have zero concern about California's laws. They aren't nearly on the same level of border overreach. Plus, being here in the states it has a chance to go through US courts under constitutional challenge.
     
  6. Wes of StarArmy

    Wes of StarArmy Adherent

    This sounds great as a consumer. I'm sick of the usual "whoops, we gave your SSN and credit card info to hackers!" and the only thing offered in consolation is free credit monitoring or something like that.

    As an admin it underscores the need to be really careful about your security to avoid breaches.

    Related: I just recently added a "Your California Privacy Rights" section to my privacy policy when I did all my GDPR-friendly updates to it.
     
  7. mysiteguy

    mysiteguy Devotee

    We've had several people from that state move here, and they are actually great folks. They moved here specifically to get away from the political/business/social environment there... so they fit in well here. :) But I do get the point of your joke, reminds me of what they say in the south... a Yankee is someone from the north who visits the south. A damn Yankee is someone who stays.
     
  8. mysiteguy

    mysiteguy Devotee

    It's not like there weren't remedies in place. For instance, there are major class action lawsuits when these things happen. It's going to hit Equifax pretty hard when the several against them come to a conclusion, and probably a lot more costly than a fine. I'm in 2 of those class action suits.
     
  9. Tracy Perry

    Tracy Perry Opinionated asshat

    Yeah, a lot of them are moving to escape the state government's over-reach. I know in Texas we've gotten several of their businesses lately (Toyota moving corporate office to Dallas, Kubota Credit Corp planning to move corporate office to Grapevine, Occidental Petroleum to Houston, Jacobs Engineering Group to Dallas). These are not small companies either.

    And yes, it's similar to the Yankee vs Damn Yankee joke. ;)
    Although we DO have many that still like the California so-called benefits and try to revamp this state to what California was.
     
  10. mysiteguy

    mysiteguy Devotee

    I have family in Texas, and many friends, they've told me similar stories. Those who re-locate because their company is.... aren't necessarily those you want, lol. I'm in a very rural area, few move here for a job... only for a change in lifestyle (that's why I moved here).
     
  11. TheChiro

    TheChiro Devotee

    Is it not eye-opening to these communist/socialist-wannabe states (mentalities) when they start seeing all these big businesses leaving their state, which leads to less jobs and less taxable income to the state....don't you think they would change their stance? Oh right, the stupid people of these states, like California and Illinois, keep voting for the same idiots that think decreasing people's rights, increasing regulations and taxes = paradise. Why the mass exodus from Cali and Illinois? The ones bringing the income in...are the ones leaving because of the ever-increasing taxes.

    California needs to just secede. Here's what I see happening with this law. A competitor is going to go to great lengths to find someone to breach their competitor to make their competitor go belly up. That's what a lot of these laws aren't understanding...heck, I don't think a lot of these politicians even understand how computers and the internet work. Websites and computers cannot be 100% hack proof (well...if you keep them disconnected from any networks and the internet...certainly makes it harder now lol). I haven't looked at the commie cali laws but I hope there is something in there that states something to the effect of the businesses attempting to make things as secure as possible. For example, I hire a server administrator to do security audits, I've hired white hats to check for vulnerabilities, and we go to great lengths to secure our staff accounts, including our ACP access. There should be something in there for "due diligence". This should be aimed at those who are storing SSNs or have passwords stored in plain text. Having your email "leaked" is no big deal...so you get a few more Viagra emails that go to spam :p
     
  12. djbaxter

    djbaxter Tazmanian Veteran

    That's only a remedy after the fact - and if you have the money to launch or participate in litigation.
     
  13. djbaxter

    djbaxter Tazmanian Veteran

    Also, it looks like Canada will be creating its own enhanced privacy legislation:

    House committee says privacy laws should apply to political parties
    by Aaron Wherry, CBC News
    Jun 19, 2018

    MPs recommend expanding data protections and empowering privacy commissioner

    And honestly... I really don't understand how this is not a good thing for consumers.

    Yes, the EU went overboard with the GDPR (disclosure: the following is quoted from one of my own blogs):

    That doesn't mean the spirit of the legislation isn't a good idea, or that other countries can't adopt the spirit without the more extreme EU craziness.
     
  14. mysiteguy

    mysiteguy Devotee

    A fine is a remedy after the fact as well. And, unlike a class action lawsuit, the government gets the money, none goes to the consumers impacted.
     
  15. mysiteguy

    mysiteguy Devotee

    Spirit and outcome are two entirely different things when it comes to government regulation.


    With government, usually, the road to hell is paved with good intentions.

    In the USA:
    The drug war has resulted in creating a criminal class, sending millions to prison, marking someone's history with an arrest that never goes away, an estimated 50,000 - 80,000 SWAT raids per year, and billions in assets annually seized with dubious constitutionality via "civil asset forfeiture."

    The war on poverty has resulted in incentivizing no father in the house, and the breakdown of the family structure in countless poor communities, making it even harder to get out of poverty. The federal and state governments have spent $15 trillion on it. Imagine how many jobs could have been created, actually helping poor people, had taxpayers been able to spend it. And the poverty rate? Hasn't moved much.

    Social Security has discouraged saving for retirement.

    Subsidized student loans have caused the cost of university education to skyrocket.

    The ADA has made companies so afraid of lawsuits that those who hire are reluctant to hire handicapped people. The percentage of blind people who are employed now is far lower than before the ADA, for instance.

    American food aid to Haiti was supposed to help them, instead, it all but wiped out their domestic farming industry.

    The disaster that Prohibition was.

    The Homestead Act of 1909 caused grasslands to disappear, widespread drought and the dustbowl.

    The government made it harder to get opioids from doctors. While a drug habit is a bad thing, making them harder to get has resulted in skyrocketing rates of heroin use, where strength and quality are unknown, resulting in massive increases in overdose deaths.

    I could go on and on, but I don't have a spare 10 years of time to write it all.

    Anyone in the EU care for a cucumber or banana?

    Hell isn’t merely paved with good intentions; it’s walled and roofed with them. Yes, and furnished too. - Aldous Huxley
     
  16. djbaxter

    djbaxter Tazmanian Veteran

    Political debate with those who are convinced they're right is an exercise in futility.

    The reality is that you will no doubt do what you want regardless of what anyone else says. I can pick apart details in the GDPR but as I said above I think the general spirit of such laws is a good thing for consumers and such measures can be implemented without much expense. Playing fast and loose with or ignoring the security of other people's private and personal information has been going on for too long.
     
  17. JQP

    JQP Dork

    The law will only apply to really huge sites and sites that sell their users' data, so unless you own Google, Facebook or maybe Reddit or unless you've found a buyer for user names and inactive email addresses you don't have anything to worry about.

    I live in California and we're doing just fine, thank you. No need to worry about us and no need to worry about me moving in next door to you. I think I'll be staying, creeping scolicialism... er, scociaism.. er, socalitsm or not.
     