Will the CCPA Drive More Class Action Suits? Readiness is the Best Remedy

The California Consumer Privacy Act (CCPA), as written, allows consumers to have a private right of action when their non-encrypted and nonredacted information is stolen (see Section 1798.150). What is one of the best ways to avoid litigation? Readiness.

According to a recent survey from the Carlton Fields Class Action Survey of corporate general counsel and senior legal officers, the next wave of class action lawsuits will be the result of massive data breaches. The survey also indicates that the CCPA is of particular concern. While privacy remains a hotly debated subject in the U.S., the survey results do show that corporate counsel predicts an increase in privacy class action filings. In its press release announcing the survey results, Carlton Fields said, “while most companies have not yet faced a data privacy class action, survey results show that they predict these cases as the next wave. The percentage of companies making such a prediction nearly doubled from last year’s survey, increasing from 28.9% to 54.3%.

What does “readiness” entail? Readiness includes but is not limited to, building a compliance program with action plans to address and limit the impact of a personal information incident/breach and preparing for the cost of litigation including class action exposure.

Additionally, organizations should begin to document steps taken to become CCPA compliant as this will demonstrate that a company was not negligent with data in the event of an incident/breach. Courts apply the “reasonable” standard to determine whether or not a company acted reasonably in terms of securing data, and acted reasonably upon discovery of the incident/breach.

Under the CCPA regulations as written, the Attorney General is obligated to answer questions regarding CCPA (see Rulemaking Activity). S.B. 561 would have changed this requirement authorizing the Attorney General to publish materials providing businesses with general guidance on how to comply with the law. However, since S.B. 561 is on hold in committee and likely will be blocked, the general guidance portended to be more robust than the obligation to answer questions from Rulemaking Activity has been stalled with the impact being increased risk exposure and litigation.

The CCPA will be the first significant privacy regulation in the U.S. that gives a large swath of consumers the ability to sue companies for data breaches. The statutory damage — between $100 and $750 per violation, whichever is greater (see Id. § 1798.150(a)(1)(B)-(C)) — is considerable because it will likely provoke an increase in class action litigation. In sum, companies should adopt “reasonable” practices now to be well-suited for an unreasonable suit or litigation.

Ron Naulls

Senior Manager
Technology Consulting - Security and Privacy

Subscribe to Topics

Unifying and automating financial processes enables firms to reduce operational expenses and make smarter decisions. Join #ProtivitiTech and #Microsoft to see how #Dynamics365 can support compliance requirements and changing business environments. http://ow.ly/o7kR50Mu7ns

The #DevSecOps ecosystem is people, processes and technologies interwoven to manage the application lifecycle. It's a priority to implement practices in the DevSecOps toolchain by defining a secure #IAM program. Learn more in #TechnologyInsights: http://ow.ly/wSX650MFQSL

Project portfolio management takes a centralized approach to managing and aligning projects with company goals. Protiviti's Samir Datt shares in @TechTarget how it adds value to #projectmanagement. http://ow.ly/9BUU50MF133

#ProtivitiNews #ProtivitiTech

Protiviti's @KonstantHacker joined The @QRLedger Show to discuss the quantum threat. Watch the episode to learn when Konstantinos believes the quantum apocalypse will take place and how to prepare. http://ow.ly/8s7Q50MFSKI

#ProtivitiTech #QRL #quantum #quantumcomputing

CFOs are overhauling their technology budgets as inflation, slumping economic growth and other external forces jeopardize their earnings targets. Randy Armknecht shares more with CFO Dive. http://ow.ly/GtVg50MESoI

#ProtivitiNews #ProtivitiTech #CFODive #CFO

Load More