In an era of increasing attention to digital privacy, the California Legislature recently passed the DELETE Act (SB 362), now waiting for the signature of Governor Gavin Newsom. The legislative move represents an attempt to broaden the definition of ‘data broker’, potentially implicating many businesses unaware of falling under this category. Specifically, the law would apply to any businesses that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship. A detailed analysis of this Act can be found at JD Supra.
Certain caveats do exist within the legislation. Exemptions have been carved out for businesses operating under the Fair Credit Reporting Act (FCRA), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), and the insurance privacy protection act.
In context, the DELETE Act underscores a wider shift in digital law across the world. Amidst growing concern on consumer data exploitation, legal developments such as General Data Protection Regulation (GDPR) in European Union, Personal Data Protection Bill (PDP) in India, and now the DELETE Act in California mark a global attempt to secure digital rights and privacy.
The implications of the DELETE Act are substantial for the corporate world. And as digital operations become more integral to the global economy, maintaining compliance with increasingly stringent data privacy laws will be essential for longevity and reputation of businesses everywhere. Business leaders and legal professionals therefore need to stay abreast with such developments, understand their complexities, and mould their operations in compliance with the law.
This impending law emphasises the need for legal departments within corporations to enhance their understanding of data protection regulations. Furthermore, it showcases the importance of a proactive approach to mitigate any potential legal liabilities concerning data privacy.