Personal information: maintenance.
- Prohibits businesses from storing Californians' personal data outside the U.S. without explicit consumer consent.
- Requires businesses to disclose risks of storing personal information in foreign countries.
- Bans storage of health, financial, and location data with foreign governments or their controlled entities.
- Expands California's privacy law to mandate new international data storage protections.
Assembly Member DeMaio's privacy legislation would establish new requirements for California businesses that maintain consumer personal information outside the United States, while prohibiting foreign storage of certain sensitive data categories. The bill requires businesses to inform consumers about potential risks of storing their personal information abroad and obtain explicit consent before doing so.
Under the proposed changes, businesses would be barred from maintaining health care information, financial information, or geolocation data outside U.S. borders. The bill specifically prohibits these sensitive data categories from being held by foreign governments or third parties under foreign government control. These provisions add to existing California Consumer Privacy Act requirements regarding disclosure of data collection practices and consumer rights.
The legislation builds upon the framework established by the California Privacy Rights Act of 2020, with enforcement authority vested in the California Privacy Protection Agency. Businesses would need to update their privacy policies, consent mechanisms, and data storage practices to comply with the new international data maintenance restrictions while continuing to meet current obligations around data minimization, security procedures, and agreements with third-party data handlers.
 Jacqui IrwinD Assemblymember | Committee Member |  Not Contacted | |
 Rebecca Bauer-KahanD Assemblymember | Committee Member | Not Contacted | |
 Cottie Petrie-NorrisD Assemblymember | Committee Member | Not Contacted | |
 Buffy WicksD Assemblymember | Committee Member | Not Contacted | |
 Chris WardD Assemblymember | Committee Member | Not Contacted |
Email the authors or create an email template to send to all relevant legislators.
Introduced By
- Prohibits businesses from storing Californians' personal data outside the U.S. without explicit consumer consent.
- Requires businesses to disclose risks of storing personal information in foreign countries.
- Bans storage of health, financial, and location data with foreign governments or their controlled entities.
- Expands California's privacy law to mandate new international data storage protections.
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Assembly Member DeMaio's privacy legislation would establish new requirements for California businesses that maintain consumer personal information outside the United States, while prohibiting foreign storage of certain sensitive data categories. The bill requires businesses to inform consumers about potential risks of storing their personal information abroad and obtain explicit consent before doing so.
Under the proposed changes, businesses would be barred from maintaining health care information, financial information, or geolocation data outside U.S. borders. The bill specifically prohibits these sensitive data categories from being held by foreign governments or third parties under foreign government control. These provisions add to existing California Consumer Privacy Act requirements regarding disclosure of data collection practices and consumer rights.
The legislation builds upon the framework established by the California Privacy Rights Act of 2020, with enforcement authority vested in the California Privacy Protection Agency. Businesses would need to update their privacy policies, consent mechanisms, and data storage practices to comply with the new international data maintenance restrictions while continuing to meet current obligations around data minimization, security procedures, and agreements with third-party data handlers.
Jacqui IrwinD Assemblymember | Committee Member | Not Contacted | |
Rebecca Bauer-KahanD Assemblymember | Committee Member | Not Contacted | |
Cottie Petrie-NorrisD Assemblymember | Committee Member | Not Contacted | |
Buffy WicksD Assemblymember | Committee Member | Not Contacted | |
Chris WardD Assemblymember | Committee Member | Not Contacted |