Victims of data privacy infringement in California are in luck as the CCPA California makes elaborate provisions to provide succor. In prior articles, where we analyzed CCPA regulatory compliance, we mentioned that the law allows for aggrieved consumers to sue businesses. This is a new class of penalty for privacy violations in the CCPA California. Consumers alone, are not the only ones who can exercise this right. Two categories of persons can exercise this right: the Attorney General and consumers.
By the Attorney-General
Under the California Consumer Privacy Act, the Attorney General can – through his office – bring a court action against a business organization for intended and un-intended violations of the Act’s provisions. Before this AG litigation power can become exercisable against a corporate violator, a 30 days notice has to be given to such business for it to remedy the allegation.
By Consumers
Away from sole reliance on the office of the AG, the CCPA California also provides that consumers themselves can sue for violations. This right can only be exercised if such violation is in respect of “unauthorized access and exfiltration, theft or disclosure” which is caused by a business’ failure to “implement and maintain reasonable security procedures appropriate to the nature of the information.”
The class of information on which this right becomes exercisable includes first name/initial, last name, as well as various data elements such as social security number, financial account number, driver’s license, medical information, unique identification numbers, uniques biometric data, etc.
Hopefully, businesses would take a cue from the new rights in the CCPA California which exposes them to litigation risks and abstain from violations, most especially now that the law is in force. Where businesses fail to adhere and you get injured in the process, contact us to discuss our legal services.