In recent weeks two data breaches have made headlines across the country, once again drawing attention to the need for businesses to take steps to safeguard customer data. Dealers have a legal obligation to safeguard their customer’s information under both federal and state law, in most jurisdictions. These breaches may also increase the salience of data security issues for customers, meaning that your customers may start to ask questions about how you will protect their data and demand good answers. With the legal obligations aligning with customer expectations, now is the time more than ever to act.

The California Consumer Privacy Act (CCPA), which was enacted in June of 2018 and will go into effect on January 1, 2020, is likely to undergo additional changes as the California Legislature enters the final stretch of the legislative year. We have previously updated you on legislation supported by the California Attorney General that would expand the scope of the law and increase consumer’s opportunities for consumers to bring lawsuits for alleged violations of the law. The good news is that the worst aspects of these proposed changes were defeated in committee and will not be enacted this year. The bad news is that some of the more important proposed business-friendly protections have been narrowed.