Skip to content

The California Consumer Privacy Act provided plaintiffs with a private right of action to pursue statutory damages following data security breaches that impact certain sensitive categories of information and are caused by a business’s failure to institute reasonable and appropriate security. Although the CCPA does not permit private suits with respect to alleged violations of the CCPA’s privacy (as opposed to security) provisions, the lack of a specified private right of action has not deterred some plaintiffs from filing suit.

Based upon a review of federal class actions filed in 2020 that referenced either “CCPA” or “California Consumer Privacy Act,” the following are the top industries that attracted CCPA-related class action filings:

Industry Percentage of Class Actions
Health care & Health Services 18.92%
Financial Services 10.81%
Technology – Communication 9.46%
Technology – Software 9.46%
Hospitality 8.11%
Restaurants, Food & Beverage 5.41%
Retail 5.41%
Debt Collection 4.05%
Insurance 4.05%
Consumer Goods 2.70%

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of David A. Zetoony David A. Zetoony

David Zetoony, Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he

David Zetoony, Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation.

Photo of Jena M. Valdetero Jena M. Valdetero

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against…

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against privacy and data breach litigation, with an emphasis on class action lawsuits. She has designed and conducted dozens of data breach tabletop exercises to empower clients to respond effectively to a data security incident. She also counsels companies on data privacy and security compliance programs and advises on privacy and cyber risks associated with mergers and acquisitions, venture capital, and securities. Jena also advises a diverse array of clients on compliance with existing and emerging privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). She is a certified privacy professional through the International Association of Privacy Professionals (CIPP/US), for which she is a former KnowledgeNet Co-Chair.

Photo of Sarah C. Schenker Sarah C. Schenker

Sarah Schenker advises clients on privacy and security compliance, data breach response, and the technology transactions space. Her practice is focused on designing and managing enterprise-wide privacy programs in compliance with current and emerging US and international privacy laws, including the California Consumer…

Sarah Schenker advises clients on privacy and security compliance, data breach response, and the technology transactions space. Her practice is focused on designing and managing enterprise-wide privacy programs in compliance with current and emerging US and international privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the General Data Protection Regulation (GDPR). Sarah has significant experience with corporate mergers and acquisitions, providing advice on privacy and security considerations.

Sarah also provides dedicated advice and specific deal counsel from start to finish during a tech transaction or implementation. She frequently negotiates complex technology transactions with unique issues, including privacy and security. Sarah has designed complete contract negotiation processes for in-house clients, advising on every element of the processes from intake to signature.