CHLA Lodging News May/June 2019

16 CALIFORNIA LODGING NEWS www.calodging.com DATA BREACHES AND UNAUTHORIZED DISCLOSURES of sensitive personal information have become epidemic. Like other states, California has enacted several laws designed to safeguard the privacy of individuals’ personal information. The latest and most extensive California privacy protection law—the California Consumer Privacy Protection Act (CPPA), California Civil Code Sections 1798.100, et seq—was enacted in 2018 and will become effective January 1, 2020. Businesses, including hotels and other lodging operations covered by the CPPA, need to take steps ASAP to meet the 1.1.2020 effective date. (NOTE: The CPPA is similar to the European Union General Data Protection Regulation, which regulates American enterprises, including hotels, that obtain personal information related to EU citizens. There are, however, many differences between the two. More information about the GDPR is available in the members only section of CHLA’s website at www.calodging.com. ) What is the CPPA Intended to Accomplish? The CPPA is intended to protect “consumers” (i.e., a natural person who is a California resident, however identified, including by any unique identifier) with the regard to their “personal information” (the CPPA’s definition of personal information is extremely broad—see Civil Code Sections 1798.140 and 1798.80). CPPA gives consumer a number of important rights: 1. The right of Californians to know what personal information is being collected California Consumer Privacy Protection Act of 2018 By Jim Abrams, CHLA Member Legal Advisor