On May 16, 2019, the California Senate Appropriations Committee blocked Senate Bill 561, legislation that would have expanded a private right of action under the California Consumer Privacy Act (CCPA).

Signed into law on June 28, 2018, by then-Governor Jerry Brown, CCPA enhances privacy rights and consumer protection for California residents. The law goes into effect Jan. 1, 2020. The California Attorney General’s Office will begin enforcing the law on July 1, 2020, or six months after it publishes the final regulations, whichever comes first. 

On February 25, 2019, California Attorney General Xavier Becerra and California State Senator Hannah Beth-Jackson introduced SB 561. Had it become law, SB 561 would have allowed consumers to sue businesses if any of their rights had been violated. 

As it stands, the CCPA only allows consumers to bring actions against companies if their unencrypted personal information was subject to data breaches because those companies failed to implement reasonable data breach security measures.

In addition, SB 561 would have removed the 30-day cure period requirement for enforcement actions brought by the attorney general. Currently, a business would only be in violation of the CCPA if it doesn’t cure any alleged violation within 30 days after being notified of alleged noncompliance.

SB 561, however, would have allowed the attorney general to bring enforcement actions for a violation of the CCPA even if a business had “cured” the alleged violation. The proposed amendment would no longer allow a company to seek guidance from the attorney general about how to comply with the CCPA.

Instead, SB 561 stated that the attorney general “may publish materials that provide businesses and others with general guidance” on how to comply with the CCPA.