California Senate Bill 1121 amends and clarifies the California Consumer Privacy Act of 2018 that was passed into law earlier this year and is scheduled to take effect on January 1, 2020. In particular, the Bill clarifies that the Act does not apply to personal information “collected, processed, sold, or disclosed pursuant to” either the Gramm-Leach-Bliley Act (GLBA) or the California Financial Information Privacy Act (CFIPA).
Of note, however, the definition of “personal information” covered under the Act is generally broader than the definition of “nonpublic personal information” covered under the GLBA and CFIPA, and, therefore, entities regulated under those laws are unlikely to be exempt from the Act with respect to all consumer data they collect. In addition, the amendments clarify that businesses that are otherwise exempt under the provisions above can still be liable under the Act in the event of a data breach.
The California Consumer Privacy Act of 2018, which the Bill amends, made significant changes to the regulatory landscape governing businesses that collect and use data concerning California consumers, including by granting consumers certain rights regarding disclosure and deletion of personal information, as well as a right to opt out of allowing a business to sell their personal information and a prohibition against discriminating against consumers who exercise these rights.