Before adjourning last Friday, the California Legislature tweaked some of the language in the state’s moderately complicated version of the European Union’s General Data Protection Regulation. The California Consumer Privacy Act’s requirements applicable to personal information of employees are now somewhat less onerous for organizations, as are obligations for personal information obtained during certain business-to-business transactions.
The amendments “clarify the law for business so that it is less confusing and so that implementation efforts can stand on better footing,” says D. Reed Freeman, a partner at WilmerHale and co-chair of the law firm’s Cybersecurity and Privacy Practice and Big Data Practice. While some in the for-profit world might be celebrating these latest developments, the clock is still ticking toward the Jan. 1, 2020, effective date of the privacy law.
