Last year, new privacy regulations became effective in Massachusetts, which required businesses to take a series of actions whenever they held personal financial information of Massachusetts residents. The law had far-reaching implications because it could effectively cover businesses that had no other ties to the Commonwealth. Now California is making its own privacy grab by targeting the (somewhat dubious) privacy policies of Facebook and other social networking sites with the proposed "Social Networking Privacy Act". Anyone who uses Facebook, Google, Twitter, and the like knows that it is difficult to control how your personal information is stored and used - or frankly, what each site's fluid policies even cover at any given time. This has caused well-documented user confusion and angst, and has led to many privacy breaches.
But California is pushing privacy restrictions to a new level. The Massachusetts privacy law, for example, regulated mostly back end processes and governed how personal information would be protected by the companies once it was acquired. The difference here is that California's bill will affect how the companies interact with their California users, from requiring how the companies collect the personal information, to what they can do with it. The bill would require Facebook and the others to change not only how they collect information from their users, but also what information can be posted by default, and how information can be removed. One provision gives parents the right to remove information posted by "minors", meaning anyone under the age of 18 (a provision that I am sure would not exactly be popular with high school students).
The bill will likely not make it into law in its current form, partly because of this alliance of powerful opponents. But it is clear that states are starting to take privacy issues very seriously, and, in the absence of a federal alternative, will still try to take action to protect its citizens.