On October 8, 2023, Gov. Gavin Newsom (D-CA) signed Assembly Bill 947 (AB 947) into law, adding citizenship and immigration status to the California Consumer Privacy Act’s (CCPA) definition of “sensitive personal information.” AB 947 was first introduced in February 2023 but amended in March 2023 to focus on amendments to expand the definition of “sensitive personal information.”
The CCPA grants California residents (“consumers”) various rights with respect to their personal information collected by businesses, such as the right to know what personal information a business collects about them, how it is used and shared, and the right to opt-out of the sale or sharing of their personal information. The California Privacy Rights Act’s (CPRA) amendments to the CCPA added “sensitive personal information” as a sub-category of “personal information” and the right for consumers to limit the use and disclosure of their sensitive personal information.
Effective January 1, 2024, AB 947 expands “sensitive personal information,” which includes government identifiers, precise geolocation, information concerning sexual orientation, racial or ethnic origin, religious or philosophical beliefs, and union membership, to now include a consumer’s citizenship and immigration status. This broadens the types of consumer information that might trigger a consumer’s rights under the CCPA and potentially expose a business to liability. Businesses subject to the CCPA should review existing practices and disclosures around sensitive personal information to ensure citizenship and immigration status are covered.
Please contact a member of Akin’s cybersecurity, privacy and data protection team to learn more about how your company can adapt and revise existing policies and practices around sensitive personal information.
