According to media reports, sponsors of a ballot initiative to add significant privacy rights to the California constitution, as reported here, have now dropped the initiative. The sponsors’ decision not to pursue the initiative was reportedly based upon warnings from the California Legislative Analyst’s Office regarding the proposed amendments’ “Unknown but potentially significant costs to state and local governments from additional or more costly lawsuits, increased court workload, data security improvements and changes to information-sharing practices,” which potential impact was reported on the California Secretary of State website.
Companies collecting data of California residents would have faced similarly unknown but potentially significant costs from the proposed amendments, which would: (a) create a presumption of harm where an individual’s confidential personally identifying information (“PII”) has been disclosed without his or her authorization; (b) create a presumption that California residents’ PII is confidential; and (c) prohibit companies from sharing California residents’ PII without authorization, unless there are countervailing compelling interests (such as public safety) and no reasonable alternative for accomplishing such compelling interest. For this purpose, PII would have been defined very broadly to include “any information which can be used to distinguish or trace a natural person’s identity” other than publicly available information. Had the referendum passed, it would have been reasonable to expect a substantial increase in privacy and data breach class action litigation.