The measure also demands disclosures that make it clear how and when consumers can opt out.

This wouldn't necessarily prevent another incident on the scale of the Cambridge Analytica mess, but the ramifications could still be far-reaching. While there's plenty of regulation for companies that collect data directly from users, there's virtually nothing in the US for the companies that are entirely disconnected from the people whose data they're trading. In theory, this establishes a baseline level of security and keeps companies from abusing your info.

There's a bigger question surrounding the long-term effects of the law. While TechCrunch noted that the legislation should be clearly worded enough to prevent data brokers from slipping through the cracks, it remains to be seen how well this works in practice. Also, this is just one state -- it's not certain that other states will follow suit. If it does stop fraudsters, though, there's a good chance other parts of the country will follow suit.