Will the CCPA Drive More Class Action Suits? Readiness is the Best Remedy

The California Consumer Privacy Act (CCPA), as written, allows consumers to have a private right of action when their non-encrypted and nonredacted information is stolen (see Section 1798.150). What is one of the best ways to avoid litigation? Readiness.

According to a recent survey from the Carlton Fields Class Action Survey of corporate general counsel and senior legal officers, the next wave of class action lawsuits will be the result of massive data breaches. The survey also indicates that the CCPA is of particular concern. While privacy remains a hotly debated subject in the U.S., the survey results do show that corporate counsel predicts an increase in privacy class action filings. In its press release announcing the survey results, Carlton Fields said, “while most companies have not yet faced a data privacy class action, survey results show that they predict these cases as the next wave. The percentage of companies making such a prediction nearly doubled from last year’s survey, increasing from 28.9% to 54.3%.

What does “readiness” entail? Readiness includes but is not limited to, building a compliance program with action plans to address and limit the impact of a personal information incident/breach and preparing for the cost of litigation including class action exposure.

Additionally, organizations should begin to document steps taken to become CCPA compliant as this will demonstrate that a company was not negligent with data in the event of an incident/breach. Courts apply the “reasonable” standard to determine whether or not a company acted reasonably in terms of securing data, and acted reasonably upon discovery of the incident/breach.

Under the CCPA regulations as written, the Attorney General is obligated to answer questions regarding CCPA (see Rulemaking Activity). S.B. 561 would have changed this requirement authorizing the Attorney General to publish materials providing businesses with general guidance on how to comply with the law. However, since S.B. 561 is on hold in committee and likely will be blocked, the general guidance portended to be more robust than the obligation to answer questions from Rulemaking Activity has been stalled with the impact being increased risk exposure and litigation.

The CCPA will be the first significant privacy regulation in the U.S. that gives a large swath of consumers the ability to sue companies for data breaches. The statutory damage — between $100 and $750 per violation, whichever is greater (see Id. § 1798.150(a)(1)(B)-(C)) — is considerable because it will likely provoke an increase in class action litigation. In sum, companies should adopt “reasonable” practices now to be well-suited for an unreasonable suit or litigation.

Ron Naulls

Senior Manager
Technology Consulting - Security and Privacy

Subscribe to Topics

Join as we discuss "Gender Equity in the Workplace" with featured speaker, @salesforce EVP and CIO Jo-ann de Pass Olsovsky. http://ow.ly/UFzw50GV5cr

#ProtivitiTech #prowebinars #genderequity #technology #womenintechnology #equity #inclusion

Protiviti's Jim McDonald and Jeff Steadman talk with Nicholas Brown of @Hitachi_ID about chaos in the #identity space like #ransomware, #userexperience and multi #cloud. http://ow.ly/aTOh50GTWOg

Technology skills are in high demand, but how do companies ensure they remain inclusive for younger and older workers alike? Protiviti's Cheryl Mathieu, Jez Haisman and Belton Flournoy share their thoughts with @Consultancy_uk: http://ow.ly/B1PR50GTHTJ

With a hospitality client, #ProtivitiTech identified where #automation could save time and reduce the chance of manual errors. Given the range of options available, the challenge was which tools to use. Learn more: http://ow.ly/sucC50GTtxo

Cloud migrations are inevitable for some enterprises as they navigate a move off premises or between clouds. Protiviti's Randy Armknecht evaluates some of the latest migration trends and the pros and cons that come with each in this @TechTarget article. http://ow.ly/22sW50GS5bJ

Load More...