Shortly after passing a super-strict net neutrality bill, the California senate approved, by 21-13, another key tech measure, allowing any consumer affected by a data breech to sue for damages. People don’t even have to be customers or users of a service to sue (as previously required), which lets them take action against third-party data brokers such as the infamously leaky Equifax. The bill provides pretty tough measures, allowing people to sue for $1,000 per data breach or for monetary damages–whichever sum is greater.

Like all bills passed in a final-week voting frenzy, “SB-1121 Personal Information,” by Senator Bill Dodd, now goes to the state assembly, where it must pass or fail by August 31. If the bill succeeds, Democratic Governor Jerry Brown would then have 30 days to sign or veto it.

Why do we keep talking about California tech bills? It’s the biggest state in the U.S., with nearly 40 million people. And not only does it have this country’s biggest economy, it is now the world’s fifth largest economy, recently passing out the United Kingdom. And with a fiercely anti-regulation federal government in the U.S., California is perhaps the main source of consumer protection measures–ones that often influence companies’ practices in other states. Of course, California is also home of some of the biggest tech companies that such legislation would affect.