Quantcast

NFIB: Businesses face unknown litigation risk because Cal state agency has yet to finalize privacy rules under new state law

SOUTHERN CALIFORNIA RECORD

Monday, December 23, 2024

NFIB: Businesses face unknown litigation risk because Cal state agency has yet to finalize privacy rules under new state law

Legislation
Kabateckjohnnfib

John Kabateck

A new privacy law took effect Jan. 1, but its rules remain unfinalized, leaving business owners subject to potential litigation, according to the National Federation of Independent Business.

After California voters approved Proposition 24, known as the California Privacy Rights Act (CPRA), the California Privacy Protection Agency (CPPA) was created. Its rules were expected to be finalized by July 1, 2022. 

“The problem is attorneys will now be preying on these businesses by holding them accountable for rules that have yet to be approved,” said John Kabateck, California state director for the NFIB. 

The CPPA states on its website that it is reviewing comments and its board will consider whether to adopt or further modify the proposed regulations at a future public meeting.

“We're not asking them to stop the rulemaking,” Kabateck told the Southern California Record. “We're just asking them to approve the rules before they expect small businesses or anyone to comply. That only makes sense in our legal and administrative process.”

Among the rules that concern the NFIB is one that requires the collection of consumer data, such as video footage in stores, point of sale information, receipt information, and other transactions online.

“The way the rules are developed will now require businesses to produce that data and present it to consumers,” Kabateck said. “They also must notify customers of these privacy rules that are going into effect, which we believe is a big challenge for small businesses with one or two people in the store.”

To protect themselves during the process and until the rules are finalized, Kabateck advises business owners to consult with an attorney, their human resources director, a compliance expert within their company, or access the state privacy agency’s website to learn the laws and rules.

“If they do fall under this requirement in terms of their business size, they need to make sure they're informing their consumers about what the new rules are even though they haven't been approved. And we are asking small business owners to talk to their legislators or representatives in Sacramento,” Kabateck said.

Currently, the law applies to businesses earning annual revenues of more than $25 million, while the average NFIB member employs 10 people and reports gross sales of some $500,000 a year.

"Any comfort we’re able to take seemingly out of the CPPA’s clutches is not secured by the way this new state agency has conducted itself so far," Kabateck added. "Small-business owners don’t have the financial resources to have compliance specialists on staff, so they need to know early what possibly awaits them.” 

ORGANIZATIONS IN THIS STORY

More News