Data Breaches- Personal Data
A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. As more and more of our personal information becomes accessible online, the risk of that information being lost or stolen by negligence or criminal activity grows every day. Recent breaches such as the 2017 Equifax breach, the 2015 Ashley Madison breach, and the 2018 Panera Bread data breach show that no company that stores personal information, whether it be a credit bureau, dating site, or restaurant, is immune from the risk. Protecting your personal information seems like an impossible task these days, but it is important to know in the aftermath of a data breach, you do have legal rights to pursue damages against those who were responsible for your private information.
The New, Powerful Law Protecting Californians’Privacy & Data: CCPA
As of January 1st, 2020, California consumers have a powerful new tool to help protect their privacy- the California Consumer Protection Act. Under this new statute, Californians will be able find out exactly what personal information companies have compiled about them, and sue them if that information is stored incorrectly or leaked.
The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on January 1, 2020 that offers new protections for the personal data of Californians. The CCPA introduces new privacy rights for Californians, such as the right to know what personal information a business has collected about them and the details on how the business uses and discloses the data.
The CCPA gives every Californian the right to demand a full accounting of the information a company has compiled about them, as well as full transparency as to any third parties whom that company may be sharing that data with. In addition, the California law allows consumers to sue companies if the privacy guidelines are violated, even if there is no breach.
Any company that serves Californian consumers and has annual revenues of $25 million or more must comply with the CCPA. Also, the CCPA regulates any company that keeps personal data on at least 50,000 people, as well as those that collect more than half of their revenues from the sale of personal data. Companies don’t have to be based in California or have a physical presence there to fall under the CCPA.
Now that the CCPA has come into effect, companies doing business in California are mandated to have a clearly visible footer on websites offering consumers the option to opt out of data sharing. If that footer is missing, or if you can’t find out how your information is being collected (and get copies of that information), you have the right to sue under the CCPA.
The CCPA also assigns specific penalties should any unauthorized access to your data occur. The CCPA allows for penalties of up to $750 per consumer per incident, or actual damages, whichever is greater.