Californians get new protections on data privacy

Sunday, December 22, 2019

By Sen. Bill Dodd (Davis Enterprise)

Anyone who’s ever noticed the same advertisements following them around the web knows their personal data is anything but private.

Companies collect information on all your online activities -- from the things you buy to your Google searches. They sell it to other businesses looking for clever ways to pitch you on more products – or worse.

It’s a practice that generates billions for internet firms and exposes your social security, credit card and other identifying information to hackers and data breaches. By one estimate, 4.1 billion records were exposed in the first half of 2019.

Until now, consumers have had little recourse. But that’s about to change.

The California Consumer Privacy Act takes effect Jan. 1, giving you the right to know the data being collected from you, how it’s being used and the chance to say no to the sale of your personal information. The act would also grant a consumer the right to request deletion of personal information. It brings much-needed transparency and control, while holding companies accountable if they don’t comply.

The law, which I co-authored last year with Sen. Bob Hertzberg and Assemblymember Ed Chau, is the toughest of its kind in the nation. My hope is it will be a model for other states to follow.

I know firsthand the pain of having your identity stolen. It happened to me and it took years to straighten out. After watching others hit by headline-grabbing data breaches at companies like Equifax, Target and Cambridge Analytica, I decided to act, introducing a bill to deter companies from carelessly exposing your personal information to data breaches by imposing monetary damages on reckless businesses.

It was an idea that was supported by my legislative colleagues as well as San Francisco businessman Alastair MacTaggart, who was gathering steam on a data privacy ballot initiative. We joined forces, combining our ideas in Assembly Bill 375 – known as the California Consumer Privacy Act of 2018 – which won overwhelming support. It is comparable in many ways to the European Union’s General Data Protection Regulation, adopted in 2016.

Starting Jan. 1, companies with at least $25 million in revenue – or those collecting information of more than 50,000 people -- must have a place on their websites for consumers to request information that has been tracked and request to opt out of future collection. It will be enforced by the California attorney general. Separately, companies causing data breaches because of their recklessness face a potential $750 in damages per incident, payable to each victim.

Our state is continually pushing the envelope on technology, and we can protect individual privacy without stifling innovation. Californians deserve the right to choose whether their information is collected and how it is used. And firms need to respect data privacy and act responsibly.  Now, more than ever, it’s time we regulate it appropriately and hold bad actors accountable. 

While this new law provides consumers powerful new decision-making authority over their personal information, it’s critical that everyone take the time to know and exercise their rights.


Senator Bill Dodd represents California’s 3rd Senate District, which includes all or portions of Solano, Napa, Sonoma, Yolo, Sacramento, and Contra Costa counties. You can learn more about Senator Dodd at