CALIFORNIA CONSUMER PRIVACY ACT

VIOLATIONS & LAWSUITS

THE 1ST COMPANIES SUED FOR VIOLATING NEW CCPA PRIVACY LAWS

Zoom, SalesForce, Marriott, Clearview AI, Ambry Genetics, Aeries, Sunshine Behavioral Health Group, Minted, TikTok, Apple, Life on Air, and Walmart have been some of the first companies to experience privacy violations lawsuits of the brand new California Consumer Privacy Act, known as CCPA, that went into effect on January 1st, 2020. Businesses were granted 6 months to comply with the new statute with violation eligibility beginning on July 1st, 2020.

DOES EVOLVE’S CYBER POLICY COVER CCPA SUITS?

Evolve’s cyber insurance policy covers foreign, federal, state, & private privacy suits resulting from a cyber event. Evolve’s coverage includes legal defense costs of any CCPA lawsuit brought against the Insured and/or the cost of fines/penalties. CCPA violations are covered in Insuring Clause 4: Network Security & Privacy Liability.

DOES MY BUSINESS COMPLY WITH CCPA?

Evolve’s policyholders get access to a 30 minute consultation with ControlCase, a specialized regulatory privacy auditing company FREE OF CHARGE. On this call, business owners can find out if the information their business stores has any liability under CA’s CCPA statute.

WHAT IS THE CCPA?

Going into effect on January 1st, 2020, the California Consumer Privacy Act (CCPA), is a new privacy regulation designed to give California residents control over their own data. The CCPA takes the position that California consumers “own” their privacy information and provides them five general “rights” for their personal information. Under the Act, California consumers will have the right:
1. To know what personal information is collected about them.
2. To know whether and to whom their personal information is sold/disclosed, and to opt-out of its sale.
3. To access their personal information that has been collected.
4. To have a business delete their personal information.
5. To not be discriminated against for exercising their rights under the Act.

WHICH BUSINESSES MUST COMPLY WITH CCPA?

CCPA applies to for-profit businesses that collect California residents’ personal information, do business in the State of California, and meet one of these three requirements:
1. Annual gross revenues in excess of $25,000,000.
2. Receive or disclose the personal information of 50,000 or more California residents, households, or devices on an annual basis.
3. Derive 50% or more of their annual revenues from selling California residents’ personal information.

CCPA PENALTIES & PRIVATE LAWSUITS

Consumers can claim actual or statutory damages ranging from $100 – $750 per consumer, per incident, caused by a data breach.
CA Attorney General can impose injunctive or declaratory relief in fines for violations ranging from $2,500 (unintentional) to $7,500 (intentional).

CASE STUDY: WALMART’S CCPA VIOLATION

According to Bloomberg Law, Walmart recently joined the list of major CCPA lawsuits on July 11 after hackers accessed their website’s database and siphoned customer credit card information. Ranging anywhere from $5 – $110 on the dark web, hackers resell credit card information in exchange for bitcoin, hardware, or software. 
The California plaintiff accusing Walmart felt that the organization’s data security controls could not have been up-to-par due to the hackers’ easy entry into their networks and systems.  Walmart is currently disputing the allegations, stating that their controls do in fact meet the standards of the CCPA, in hopes that the door to a class action lawsuit will close after further investigation of the incident.
With fines up to $750 a head, Walmart could be facing charges in the thousands to hundreds of thousand of dollars based upon the size of the affected individuals.