Steve Peace and Michael Thorsnes, sponsors of the California Personal Privacy Initiative, have given up on collecting the 807,615 signatures needed to qualify the measure for the ballot.

The proposed measure sought to amend the California Constitution in a number of ways:

  1. to create a presumption that any and all personally identifying information collected for a commercial or governmental purpose is confidential
  2. to require the person or entity collecting personally identifying information for commercial or governmental purposes to use any and all reasonably available means to protect it from unauthorized disclosure
  3. to create a presumption of harm whenever someone’s confidential personally identifying information is disclosed without his or her authorization
  4. to create a safe harbor for unauthorized disclosure if there is a countervailing compelling interest and there is no reasonable alternative for accomplishing said interest

One of the effects of these changes would be a major impact on litigation as privacy and security data breach class actions often do not succeed due to the difficulty of proving harm to the plaintiffs. Just last month, an Illinois federal judge dismissed a class action lawsuit accusing Barnes & Noble Inc. for being responsible when a security breach of PIN pads in 63 of their retail stores may have divulged customers’ personal information. The judge dismissed the lawsuit, finding that the plaintiffs did not sufficiently show they had suffered any harm from the breach. A presumption of harm would have gone a long way towards helping the plaintiffs obtain a significant settlement from Barnes & Noble Inc.

California’s Legislative Analyst’s Office, in a review of the proposed constitutional initiative, found that the presumption of harm would “make it easier for individuals to win privacy lawsuits against state and local governments” and result in “unknown but potentially significant costs to state and local governments from additional or more costly lawsuits, increased court workload, data security improvements, and changes to information-sharing practices.” The Sacramento Bee reported that the Legislative Analyst’s Office opinion was a major reason for dropping the initiative saying that Steve Peace “struggled to coalesce the entire privacy community and ‘couldn’t in good conscious ask people to spend 25 million bucks’ on a proposal ‘where we were going to have to spend all of our time on defense’ because of the analyst’s analysis.”

“California Personal Privacy Ballot Initiative Dropped” was written by Sam Imandoust, Esq., CIPP, CIPA. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.