Technology Insights HOME | Perspectives on Technology Trends

Technology Insights HOME

Perspectives on Technology Trends

Search

ARTICLE

2 mins to read

Will the CCPA Drive More Class Action Suits? Readiness is the Best Remedy

Views
Larger Font
2 minutes to read

The California Consumer Privacy Act (CCPA), as written, allows consumers to have a private right of action when their non-encrypted and nonredacted information is stolen (see Section 1798.150). What is one of the best ways to avoid litigation? Readiness.

According to a recent survey from the Carlton Fields Class Action Survey of corporate general counsel and senior legal officers, the next wave of class action lawsuits will be the result of massive data breaches. The survey also indicates that the CCPA is of particular concern. While privacy remains a hotly debated subject in the U.S., the survey results do show that corporate counsel predicts an increase in privacy class action filings. In its press release announcing the survey results, Carlton Fields said, “while most companies have not yet faced a data privacy class action, survey results show that they predict these cases as the next wave. The percentage of companies making such a prediction nearly doubled from last year’s survey, increasing from 28.9% to 54.3%.

What does “readiness” entail? Readiness includes but is not limited to, building a compliance program with action plans to address and limit the impact of a personal information incident/breach and preparing for the cost of litigation including class action exposure.

Additionally, organizations should begin to document steps taken to become CCPA compliant as this will demonstrate that a company was not negligent with data in the event of an incident/breach. Courts apply the “reasonable” standard to determine whether or not a company acted reasonably in terms of securing data, and acted reasonably upon discovery of the incident/breach.

Under the CCPA regulations as written, the Attorney General is obligated to answer questions regarding CCPA (see Rulemaking Activity). S.B. 561 would have changed this requirement authorizing the Attorney General to publish materials providing businesses with general guidance on how to comply with the law. However, since S.B. 561 is on hold in committee and likely will be blocked, the general guidance portended to be more robust than the obligation to answer questions from Rulemaking Activity has been stalled with the impact being increased risk exposure and litigation.

The CCPA will be the first significant privacy regulation in the U.S. that gives a large swath of consumers the ability to sue companies for data breaches. The statutory damage — between $100 and $750 per violation, whichever is greater (see Id. § 1798.150(a)(1)(B)-(C)) — is considerable because it will likely provoke an increase in class action litigation. In sum, companies should adopt “reasonable” practices now to be well-suited for an unreasonable suit or litigation.

Was this article helpful to you?

Thanks for your feedback!

Subscribe to the Tech Insights Blog

Stay on top of the latest technology trends to keep your business ahead of the pack.

In this Article

Find a similar article by topics

Authors

No noise.
Just insights.

Subscribe now

Related posts

Article

What is it about

For project managers, managing risks and issues is akin to steering a ship through the open ocean. There are moments...

Article

What is it about

According to the annual Sonatype State of the Software Supply Chain Report, open source software (OSS) consumption is growing at...

Article

What is it about

If the year 2020 taught us anything, it was to expect the unexpected. During this unique time, we saw companies...