My friends at BizFed, the Los Angeles Business Federation, just released the results of their May survey of business owners. Among other disturbing findings on the impact of COVID-19 on the businesses, almost half of all respondents said their revenues have dropped by more than 50%. And our organization, the NFIB, the leading small business advocacy organization in California, recently reported that as many as 50% of small businesses are destined for failure if things don’t improve soon after Memorial Day.
Is this the time to be hobbling their recovery with more costs?
In December 2019, the Attorney General released a study that found compliance with the California Consumer Privacy Act (CCPA), which took effect on January 1 of this year, would cost California business approximately $55 billion dollars. Stressed business owners were already worried about those costs, including hiring lawyers and technology experts to re-engineer their company systems.
Now in the middle of this pandemic and its devasting health and financial impacts, the sponsor of the CCPA, Alastair Mactaggart, is attempting to qualify the California Privacy Rights Act (CPRA), an initiative which will impose new set of mandates, add additional compliance costs, create a new government agency, and inject more confusion for those who have to comply and those who want their personal information private.
While the Newsom Administration is working with labor, business leaders and academics to restore the economy, this initiative will add more obstacles to the recovery process. Not only does the initiative contain major flaws, but the timing of this initiative is incredibly insensitive and tone deaf to the problems that business owners are facing.
Make no mistake: small business owners and operators understand the importance of protecting customers’ personal information – that has always been true. Nobody wants their information getting into the wrong hands.
But the CPRA would require business owners to revise the privacy procedures they just finished and take on new, unforeseen costs and compliance obligations. And while the state faces a $54 billion dollar budget deficit, the initiative would establish a new privacy agency — even though the Department of Justice is already charged with enforcing privacy laws.
If we have learned anything from the CCPA clean-up bills and implementation schedule, it is that privacy laws require immense thought, consideration, and legislative action to make the law workable. If the CPRA passes, it would prohibit the legislature from making necessary adjustments to the law and preclude the legislature from taking immediate action to protect public health and safety. Voters have the right to limit the actions of the Legislature. But the legislators and interested parties need to tell the sponsors that limiting the Legislature’s power to amend privacy law will be highly problematic.
The initiative proponents have until the June 25th qualification deadline to make a final decision about moving forward with this poorly timed effort. I urge them to consider the collateral damage the CPRA measure will inflict on business owners trying to crawl out of a hole towards recovery. If they do so, they will realize the business community cannot afford additional costs or confusion as the state begins to reopen our fragile economy.
Californians have spent five months working collaboratively toward common goals. We must continue to move forward with that same purpose. Initiative proponents should pull their proposal from the ballot consideration and instead, work with the legislature on thoughtful, responsible, timely solutions to complex privacy issues.