Earlier this year, California became the first state in the country to provide a private cause of action for victims of a data breach. The private right of action is a key provision in the California Consumer Privacy Act (CCPA)—which became effective on Jan. 1, 2020—and allows California residents whose personal information is “subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices” to seek damages of $100-$750, per incident.

Because the CCPA’s private cause of action expressly allows for class actions, privacy attorneys have long predicted that the law would trigger a wave of litigation. Numerous articles have been written speculating how businesses will defend themselves against CCPA class actions, and how plaintiffs will plead around/argue against these defenses. Most of the CCPA class actions filed to date are still early in the pleadings stage and as a result we do not yet have any decisions addressing the thornier issues that are likely to be the basis for motion practice.  Still, we are beginning to see some emerging trends.

A New Wave of Litigation?

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]