An early sign of how aggressive California’s new privacy regulator will be is who gets tapped to help lead the first-of-its-kind agency in the U.S. as part of its board.
The board will have to make several initial decisions that will set the tone for the state’s sweeping privacy law, including picking an executive director and setting enforcement priorities. State officials are expected to start naming board members next month, ahead of a March deadline.
The California Consumer Privacy Act, which took effect Jan. 1, gives residents the right to know what personal information businesses are collecting and request it be deleted. The California Privacy Rights Act, passed by ballot measure last month, enhances penalties for violations involving children’s data and expands the law’s opt-out rights.
Although the idea of a regulator focused solely on privacy may “cause some fear” among companies, an agency with a board well-steeped in the technicalities of privacy and data security could actually benefit businesses, said Brandon Reilly, a partner at Manatt, Phelps & Phillips LLP in Costa Mesa, Calif.