This overlapping authority and jurisdiction can lead to so-called "piling on," where one investigation by or settlement with a regulatory authority is followed by another. (Credit: Chris Ratcliffe/Bloomberg)
Data protection regulation in the United States is famously fragmented. A patchwork of federal and state requirements overlap, and periodically conflict, when it comes to the protection of consumer data. And these overlapping regulatory regimes do not even agree when it comes to the definition of "consumer."
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), defines a "consumer" as "a California resident," whether that person is acting in a personal or business capacity, even in the employment arena. Realizing the broad reach of this definition, the California Legislature included a carve-out in an early amendment to CCPA that excluded employment-related and certain business-to-business information from the scope the Act.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
