American sociologist Robert Merton is credited with formally recognizing, analyzing and even popularizing what some have called the law of unintended consequences.

When individuals, corporations, organizations and governments take actions, they often see only the potential benefits. But lurking in the shadows are unforeseen effects, very often negative ones.

When, for example, California constructed elaborate systems to capture and distribute water and an equally massive array of freeways during the post-World War II era, they were seen at the time as unleavened social improvements.

WeeklyWalters: your Friday newsletter for all of Dan's columns.

Only later was it realized that diverting water from its natural flows would have negative impacts on fish and other wildlife, or that expanding highways would result in suburban sprawl and mind-numbing traffic congestion—in both cases requiring even more elaborate schemes to combat those effects.

California’s most dramatic case of unintended consequences in recent decades was, by unanimous votes of both legislative houses, the 1996 “deregulation” of California’s electric power system.

Its advocates promised nothing but upsides for consumers, but it quickly turned out to be a monumental disaster. It created a mechanism for energy traders to game, forced one major utility into bankruptcy, nearly did so to another and cost California consumers untold billions of dollars.

It happened because no legislator had the courage to ask the pertinent questions about the potential downside of the sweeping changes being proposed.

Late last month, the Legislature enacted a 9,900-word bill purporting to protect Californians’ personal and financial information from being revealed without their permission.

This legislation was hastily drafted to persuade San Francisco developer and privacy advocate Alastair Mactaggart to drop an initiative ballot measure on the same issue that he had qualified for the November ballot, one that the state’s powerful technology industry opposed.

Mactaggart embraced the legislative alternative, thereby averting what would have been a very expensive battle, and those in the Capitol hailed it as a great victory for consumers and the political process. But was it?

For one thing, as CALmatters’ Dan Morain points out, it applies only to the collection and dissemination of the data by private businesses and exempts state and local governments, thereby continuing the state’s practice of imposing laws on others while exempting itself from obeying those same laws.

So while businesses that violate its provisions could be sued for truly stupendous amounts of damages, governments would be immune, even though government databanks are just as susceptible to hacking as those in private business.

There are some, moreover, who see downsides for the consumers the new law purports to protect.

The Wall Street Journal reports that numerous business representatives see the new law as making it more difficult, and perhaps impossible, for firms to continue loyalty reward programs for their customers if they cannot collect data on spending habits.

It also sets California apart from the 49 other states, meaning a lack of uniformity in business practices that will be confusing to corporations and consumers alike—but potentially big paydays for lawyers who specialize in class-action lawsuits.

None of us wants to see our personal and financial information treated cavalierly or exposed to hackers, allowing us to become victims of identity theft. But any legislation that purports to protect us should be subjected to a rigorous stress test to reveal potential downsides.

It recalls another aphorism: Act in haste, repent at leisure. It’s another way of seeing Merton’s warning about unintended consequences.