Additional data protection and privacy laws are coming to San Francisco and elsewhere in the Golden State.
In November, San Franciscans voted 58 percent in favor of a local measure to put data privacy guidelines into the city charter and require the city administrator to propose a data privacy ordinance by May 29, 2019.
Among other things, the measure requires the city to consider the importance of securing personal information, including preventing accidental loss of data, when mulling new laws, regulations, policies and practices. The measure applies to city government, companies that do business with the city, and businesses that receive licenses or permits from the city.
Palo Alto, Calif.-based attorney Cynthia Cole said in a statement that “San Francisco will not be the only municipality or local legislative body to adopt strict data protection principles and ordinances going forward. This is just the beginning and businesses should be mindful.”
A client alert from law firm Reed Smith noted the City by the Bay is the second major U.S. city, after Chicago, to take “expansive action to protect residents from the misuse and misappropriation of their personal data by corporations for profit.”
Statewide data privacy laws
Separately, California State Legislature this year passed two pieces of legislation. Both were signed into law. In June, the legislature passed Assembly Bill 375, which establishes the California Consumer Privacy Act of 2018. It gives consumers the right to to access, delete or prohibit the sale of information about them collected by companies.
In August, lawmakers approved Senate Bill 327, which requires manufacturers to equip connected devices with data security features. The American Bar Association Journal has more details on the legislation.
Secure data destruction services are becoming a bigger part of the ITAD and e-scrap industry as data breaches grow in scale and damage to companies and governments. Additionally, more governments are looking to adopt laws inspired by the European Union’s General Data Protection Regulation (GDPR), which places requirements on all entities handling EU citizens’ data, including electronics recycling companies.
Bob Johnson of the National Association for Information Destruction (NAID) in December 2017 wrote about how GDPR brings new obligations and opportunities for the electronics recycling industry. Sims Recycling Solutions also produced an infographic summarizing its effects on the industry.
Photo credit: Matt Moldenhauer/Shutterstock
More stories about data security
- Study finds sensitive data remains on used drives
- Personal info abounds on used devices
- Survey shows consumer data protection attitudes