“Companies doing business in California may face a heightened risk of litigation when the state’s new privacy law takes effect in January, litigation and privacy attorneys say,” reports Bloomberg’s Sara Merken.
“The California Consumer Privacy Act clears the way for state residents to sue companies for data breaches involving certain information, if a company fails to maintain reasonable security. Californians can seek damages of between $100 and $750 per consumer per incident under the law. That may mean millions of dollars for some companies, attorneys said.”
” Corporate and plaintiffs’ attorneys alike expect some questions to be fleshed out in litigation, including what constitutes sufficient reasonable security and an adequate cure, because neither are defined under the law, attorneys said.“ “California’s preexisting data breach statute allows for a private right of action, but the reality is that proving damages in a data breach case can be a heavy lift,” Cruz said. “The CCPA eliminates that hurdle for some plaintiffs by dispensing with the need to prove actual damages.”