Consumer data privacy appears to be on the minds of legislators in Arizona this session. As previously mentioned, House Concurrent Resolution 2013 was introduced in Arizona on Jan. 10, 2020, by five Republicans and one Democrat declaring:
- That the Members of the Legislature oppose the enactment of laws, the adoption of regulations or the imposition of out-of-state standards that would restrict or otherwise dictate standards related to consumer data privacy, absent a clear nexus with consumer harm.
- That the Members of the Legislature believe a single federal standard for comprehensive consumer data privacy regulation is preferable to a state-by-state approach.
Not surprisingly, that sentiment was not universally shared and SB 1614 was introduced on Feb. 5, 2020, by 13 Democrats. The legislation is CCPA Lite, providing consumers the right to know, delete and opt-out of the sale of information. The legislation would apply to a for-profit business that “does business in Arizona” and:
- Has annual gross revenue in excess of $15 million;
- Buys, receives, sells or shares the personal information of 50,000 or more consumers; or
- Derives 50% or more of its annual revenue from the sale of consumers’ personal information.
Unlike the CCPA and legislation pending in other states, the bill does not provide any GLBA, HIPAA or FCRA exemptions.
In the event of a breach due to the failure to maintain reasonable security measures, a consumer may file suit for statutory damages of $100 to $750 per consumer per incident, or actual damages. A 30-day notice and opportunity to cure provision is included but only applies to an action for statutory damages and does not apply if the action is for “actual pecuniary damages.” The attorney general would be authorized to seek civil penalties up to $7,500 per violation.
[…]
This is an excerpt.
Click here to view full original article at www.lexology.com