What Can Happen if a Company Violates the CCPA (the California Consumer Privacy Act)? Well, a lot. There are two kinds of potential penalties for violating the CCPA. One is fines, imposed by the CA Attorney General. The other is private lawsuits.
About fines:
The AG can seek civil penalties of $2,500 for each violation of the CCPA or $7,500 for each intentional violation. They do need to give a company 30 days to “cure” (that’s legalese for “fix the problem”).
These fines are per consumer, per incident - so in a big breach, these fines could become massive. And there’s no ceiling on CCPA fines.
The CCPA also allows for people to file private lawsuits in the event of a data breach. They can seek between $100 to $750 in damages (or their “actual damages,” whichever is higher).
That doesn’t sound very scary! But the real risk is class actions. Some big data breaches have impacted hundreds of millions of consumers. Hundreds of millions X $100 is a ton of money.
So, fines and lawsuits: two great reasons to understand and comply with the CCPA.