must honor these requests except for in certain circumstances. The CCPA is enforceable by the California Attorney General and authorizes a civil penalty of up to $7,988 per violation. Monetary thresholds for damages were updated effective January 1, 2025 The law has a private right of action. This private right of action allows lawsuits in the event of a data breach and the failure of a business to have maintained reasonable data security. The CCPA private right of action includes statutory damages of up to $750 per incident in the event of a data breach. If 50,000 records of a California resident are involved in a data breach and the business failed to have reasonable data security in place, a potential claim under the CCPA may exceed $37.5 million. With statutory damages the plaintiff’s lawyer does not need to show any actual harm to the individual caused by such data breach. Final regulations for the CCPA were approved and enforcement by California’s Attorney General commenced July 1, 2020. The first of its kind private right of action and statutory damages allowed in the CCPA has resulted in numerous class action lawsuits and other CCPA related litigation. As set forth in the following communication (link below) from the California Privacy Protection Agency (CPPA) the monetary thresholds for damages were updated effective January 1, 2025 Updated Monetary Thresholds in CCPA - California Privacy Protection Agency (CPPA) The first major enforcement action taken by the California Attorney General under the CCPA resulted in a $1.2 million settlement with Sephora, a French cosmetics brand. Sephora allegedly failed to disclose to consumers it was selling their personal information; failed to honor user requests to opt out of sale via user-enabled global privacy controls; and did not cure these violations within the 30-day period allowed by the CCPA. 120
Made with FlippingBook - Online Brochure Maker