Likely no. While the CCPA provides for statutory damages if certain personal information is exposed in a data breach due to a business’s failure to have reasonable and appropriate security in place, the CPRA goes a step further. The CPRA requires the California government to issue regulations requiring businesses whose processing of consumers’ personal information
Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against privacy and data breach litigation, with an emphasis on class action lawsuits. She has designed and conducted dozens of data breach tabletop exercises to empower clients to respond effectively to a data security incident. She also counsels companies on data privacy and security compliance programs and advises on cyber risks associated with mergers and transactions. Jena also advises a diverse array of clients on compliance with existing and emerging privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). She is a certified privacy professional through the International Association of Privacy Professionals (CIPP/US), for which she is a former KnowledgeNet Co-Chair.
Jena is a passionate advocate of diversity and inclusion. She currently serves as a board member of the Chicago chapter of Women in Law Empowerment Forum.
The CCPA provides California residents with the right to know what personal information businesses are collecting about them, the right to request deletion, and the right to opt out of the sale of their personal information
The CPRA goes a step further and grants additional rights. These rights include the right to (a) fix errors…