The California Consumer Privacy Act provided plaintiffs with a private right of action to pursue statutory damages following data security breaches that impact certain sensitive categories of information and are caused by a business’s failure to institute reasonable and appropriate security. Although the CCPA does not permit private suits with respect to alleged violations of the CCPA’s privacy (as opposed to security) provisions, the lack of a specified private right of action has not deterred some plaintiffs from filing suit.
Based upon a review of federal class actions filed in 2020 that referenced either “CCPA” or “California Consumer Privacy Act,” the following are the top industries that attracted CCPA-related class action filings:
| Industry | Percentage of Class Actions |
| Health care & Health Services | 18.92% |
| Financial Services | 10.81% |
| Technology – Communication | 9.46% |
| Technology – Software | 9.46% |
| Hospitality | 8.11% |
| Restaurants, Food & Beverage | 5.41% |
| Retail | 5.41% |
| Debt Collection | 4.05% |
| Insurance | 4.05% |
| Consumer Goods | 2.70% |