Cost, compliance, and a prohibition on legislative remedies cited as reasons to oppose the proposed ballot initiative
At a June 12 hearing held by the Assembly Privacy and Consumer Protection Committee, NFIB California State Director John Kabateck testified about the concerns small businesses have with the California Privacy Rights Act, a proposed November ballot initiative greatly expanding the California Consumer Privacy Act, which only went into effect this year and whose final rules the attorney general just came up with only this month.
“Make no mistake. Small-business owners and operators understand the importance of protecting customers’ personal information,” said Kabateck. “Nobody wants their information getting into the wrong hands. Since the CCPA and subsequent amendments passed, our members have shouldered the costly burden of implementing the technological and operational measures necessary to comply with the law. I will add that businesses are doing their best to ensure compliance with the final regulations, made available one week ago, before enforcement begins just over two weeks from now.”
The costs of the CCPA alone are already tremendous, testified Kabateck. “Passage of the CPRA will require business owners to revise their privacy programs once again and take on new unforeseen costs.”
The economic analysis on the CCPA, prepared for the Attorney General’s office, estimated that the overall compliance cost to the California business community would amount to approximately $55 billion. Moreover, the cost per each individual small business would be approximately $50,000. Meanwhile, many of these businesses have been shuttered since March with many remaining boarded up to this day.
One step further the CPRA would take that the CCPA doesn’t is its call for a new enforcement department. “I expect the proponents will say that $10 million [the cost of establishing a new department] a year is not significant. But, business owners and taxpayers are going to be asked to finance the budget shortfall for many years. To propose any new government program or agency in the middle of this serious economic crisis, when the state is considering massive cuts in other key areas, is highly inappropriate and insensitive to the challenges facing business owners.”
The CPRA’s prohibition of legislative refinement of the proposed law is another sticking point, according to Kabateck. “If we have learned anything from the CCPA episode, it is that these laws require immense thought, consideration, and even an entire additional legislative session to make them workable. If this law goes to the ballot and passes, the initiative ties the hands of the governor and the legislature. Privacy is very complicated, major technology changes will require adjustments to the law, and the impact of the CCPA is not known. Californians should not be required to take that risk. Privacy policy should be developed by the Legislature.”
Resources
- Click here for a one-page fact sheet on the CPRA.
- The Legislative Analyst’s Office information for the hearing can be read here.
- Check out the Small Busines Central–California Consumer Privacy Act story on the NFIB California website for media mentions of NFIB’s position.