In response to controversies concerning consumers’ personal information, such as the Facebook/Cambridge Analytica controversy, and a California ballot initiative that qualified for the November ballot and proposed the California Consumer Privacy Act (“CCPA Initiative”), the legislature in California responded with AB-375, which proposed an alternative version of the California Consumer Privacy Act of 2018. The authors of AB-375 worked out a compromise with the sponsors of the CCPA Initiative, and AB-375 was passed and signed by Governor Jerry Brown, becoming the California Consumer Privacy Act of 2018, codified at Title 18.1.5 of the California Civil Code (the “CCPA”). We have written about the CCPA here and here. The CCPA becomes effective January 1, 2020, though practically, businesses will need to start data mapping and recordkeeping on January 1, 2019, to be able to be in compliance upon the effective date. The legislature has already started a process of potentially amending the CCPA through SB-1121, which was originally intended as a different alternative to the CCPA Initiative (“Old SB-1121”). SB-1121 was amended on August 6, 2018, to refine the CCPA (“New SB-1121”). However, as Santa Clara University School of Law Professor Eric Goldman states in his recent article Recent Developments Regarding the California Consumer Privacy Act, New SB-1121 “represents less than 1% of the obviously needed changes to the bill.” Professor Goldman’s article does a good job of identifying errors and problems that he has collected through crowdsourcing and of summarizing proposed changes that have been submitted to the bill’s authors by leading industry groups led by the Association of National Advertisers (“ANA”)(“ANA Coalition Proposal”), as well as from public interest groups, including the Electronic Frontier Foundation (“EFF”). On August 24 New SB-1121 was further amended (“8/24 Amendment”), adding some additional notable changes such as expanding the carve out of data regulated by federal and state privacy laws for healthcare entities and financial institutions, providing for immediate preemption of local laws, and delaying enforcement of the CCPA by the Attorney General until the earlier of six months from adoption of regulations or July 1, 2020. A copy of the current bill as of August 24 is here. Unfortunately, even with the August 24 additions, much remains to be fixed and in this post, we point out issues the legislature should address.