Will the CCPA Drive More Class Action Suits? Readiness is the Best Remedy

The California Consumer Privacy Act (CCPA), as written, allows consumers to have a private right of action when their non-encrypted and nonredacted information is stolen (see Section 1798.150). What is one of the best ways to avoid litigation? Readiness.

According to a recent survey from the Carlton Fields Class Action Survey of corporate general counsel and senior legal officers, the next wave of class action lawsuits will be the result of massive data breaches. The survey also indicates that the CCPA is of particular concern. While privacy remains a hotly debated subject in the U.S., the survey results do show that corporate counsel predicts an increase in privacy class action filings. In its press release announcing the survey results, Carlton Fields said, “while most companies have not yet faced a data privacy class action, survey results show that they predict these cases as the next wave. The percentage of companies making such a prediction nearly doubled from last year’s survey, increasing from 28.9% to 54.3%.

What does “readiness” entail? Readiness includes but is not limited to, building a compliance program with action plans to address and limit the impact of a personal information incident/breach and preparing for the cost of litigation including class action exposure.

Additionally, organizations should begin to document steps taken to become CCPA compliant as this will demonstrate that a company was not negligent with data in the event of an incident/breach. Courts apply the “reasonable” standard to determine whether or not a company acted reasonably in terms of securing data, and acted reasonably upon discovery of the incident/breach.

Under the CCPA regulations as written, the Attorney General is obligated to answer questions regarding CCPA (see Rulemaking Activity). S.B. 561 would have changed this requirement authorizing the Attorney General to publish materials providing businesses with general guidance on how to comply with the law. However, since S.B. 561 is on hold in committee and likely will be blocked, the general guidance portended to be more robust than the obligation to answer questions from Rulemaking Activity has been stalled with the impact being increased risk exposure and litigation.

The CCPA will be the first significant privacy regulation in the U.S. that gives a large swath of consumers the ability to sue companies for data breaches. The statutory damage — between $100 and $750 per violation, whichever is greater (see Id. § 1798.150(a)(1)(B)-(C)) — is considerable because it will likely provoke an increase in class action litigation. In sum, companies should adopt “reasonable” practices now to be well-suited for an unreasonable suit or litigation.

Ron Naulls

Senior Manager
Technology Consulting - Security and Privacy

Subscribe to Topics

Are you interested in becoming a #quantum coder? The #quantumcomputing industry is struggling to find talent. Join #ProtivitiTech host @KonstantHacker for a chat about the path to this exciting career with Peter Noell from @ColdQuanta. http://ow.ly/JkKv50KRRcW

In this #ProtivitiTech webinar, we will walk through #security breach case studies we have responded to, break down how attackers targeted and exploited the environments, and how the attacker was able to evade detection or exfiltrate #data. Register now: http://ow.ly/wFL950KQRiZ

In this #ProtivitiTech webinar, hear from panelists that are leading the way in #cybersecurity as they share their experiences on how #genderdiversity plays into the broader #talentgap and the consequences organizations will face if not addressed. http://ow.ly/KM6x50KLT9N

Business continuity and resilience are critical topics in boardrooms and among the C-suite. We have updated our guide to answer key questions, no matter the industry you’re in. Download your copy today. http://ow.ly/f75v50KPwUM

#ProtivitiTech #businesscontinuity

Identifying #cybersecurity issues and creating #riskmanagement plans can be complex. A #CISO who provides relatable information will help in planning for cybersecurity needs. Read more from #ProtivitiTech Terry Jost and Andy Retrum in @AgendaWeek. http://ow.ly/6tna50KPmi4

Load More