The law also outlines specific language that companies who do business with California residents must include in their online privacy policies.

[5] The bill's co-authors included State Senators Dede Alpert, Sheila Kuehl, Gloria Romero, and Nell Soto.

In support of the bill, Figueroa's office offered the State Senate numerous examples of lists of personal information available for purchase on the Internet.

[6]After approval in the Senate, the bill went to the California State Assembly, where a number of concerns arose regarding "undue burden" placed on businesses.

In addition, a business must do at least one of the following: Businesses must provide to the consumer a complete list of all personal information disclosed to third parties and the nature of that information within 30 days of the request (150 days if a request goes to another address or contact point that is not the designated contact point).

[2] However, if a business fails to meet a consumer's request according to the law, that customer is entitled to recover civil damages of up to $500.

Researchers compiled a list of 112 businesses that were subject to SB 27 and did not supply an opt-out option that would exempt them from required disclosure.