The California Consumer Privacy Act of 2018 (CaCPA) will affect almost all health care companies processing personal information of California residents beginning January 1, 2020. Conceived and signed into law in about one week’s time under threat of the certification of a well-financed and popular ballot initiative, CaCPA had little public debate and is poorly drafted to the extent that many key terms were left undefined or appear to have contradictory applications within the statute. However, CaCPA also creates new enforcement mechanisms whose penalties could cripple many businesses.
CaCPA requires “businesses” that have some role in the “processing” of California “consumers’” “personal information” to provide a long list of privacy rights, including a notice of privacy policies, the right to request an accounting of disclosures, the right of access to their personal information, and the right to have their personal information deleted. Legal experts agree that CaCPA defines these terms very broadly and that the act will apply to organizations across health care that are processing these data throughout the United States and the world.
David Holtzman talks more on California's new law. Click here to read the full story.