By Iris C. Chiu and Jake Kim
The California Privacy Rights Act (CPRA) amends the California Consumer Privacy Act (CCPA) and includes additional privacy protections. Effective July 1, 2023, noncompliance with the CCPA could have significant consequences for your business. Our past article discussed whether your business is covered under the CCPA. This article shares what is happening in the privacy space right now and how your business should comply.
Enforcement & Penalties Under CCPA
- The California Attorney General was responsible for enforcing the CCPA. Now, the CCPA has established a new enforcement authority called the California Privacy Protection Agency (a group of privacy law attorneys). In theory, the enforcement of the CCPA has become more efficient.
- Businesses not in compliance can face civil penalties of up to $2,500 per violation and up to $7,500 per intentional violation of the statute.
- There are private rights of action available for individuals in cases of breach of nonencrypted and nonredacted information, such as data theft from emails or information that would permit access to accounts.
Small, Mid-Sized Business Enforcement (GDPR)
The CPRA is modeled on the GDPR, so it is not a surprise that they share certain similarities. At least 270 CCPA-related legal actions have been filed, and there are hundreds more claims or demands. Here are some examples of GDPR fines imposed on small and medium-sized businesses.
| Business | Fine |
| --- | --- |
| Restaurant business | Fined approximately $10,000 for failing to display a video surveillance sign to its customers |
| Mid-sized marketing company | Fined approximately $140,000 for the unauthorized reselling of personal information |
| Sports betting operator | Fined approximately $380,000 for failing to secure client data, with employees accessing up to 1/3 of the full client dataset |
| Sephora USA (CCPA) | Agreed to pay a fine of $1.2 million (failed to tell consumers that the company sold personal information and did not process opt-out requests) |
Data Breach, is YOUR BUSINESS safe?
Data breaches are on the rise. They consume a tremendous amount of company resources, from manpower to the risk of consumers abandoning the company and the like. When one considers the statutory fines that may be associated with a breach, it makes sense to look at how to minimize that impact. Businesses that are in compliance with the CCPA will be protected against many of the fines and related consequences of data breaches. Further, many small businesses believe that a data breach is unlikely to happen to them or to have any significant impact. However, a recent study found the opposite to be true.
source: strongdm
While data breaches are always a risk, complying with the CCPA guidelines can safeguard your business from the penalties associated with a breach. Here is a compliance checklist to help you safeguard your business.
CPRA Compliance Checklist (non-exhaustive)
This article is not intended to and does not constitute legal advice or a solicitation for the formation of an attorney-client relationship. For questions about privacy law or other matters, reach out to our experienced privacy team at 408.286.5800 or e-mail iris.chiu@berliner.com.