Description: The California Consumer Privacy Act (CCPA) private right of action establishes statutory damages of between $100 and $750 per incident for consumers whose personal information has been compromised by a breach of personal information resulting from the business’ “violation of the duty to implement reasonable security procedures and practices appropriate to the nature of the information to protect the personal information. (CA Civil Code Section 1798.150(a)(1)).
This increases the importance to a company that it have and maintain appropriate reasonable security procedures and practices. And yet, there is as yet, no established legal definition of reasonable security procedures and practices.
While we may not be able to say what is reasonable, SecureTheVillage believes there are practices so basic that a failure to implement them is prima facie evidence that the security practices are not reasonable.
Watch Stan and Rachel discuss these Minimum Reasonable Security Practices.
Speaker: Rachel Capoccia, Partner, Jeffer Mangels Butler & Mitchell
This is a recording of SecureTheVillage’s webinar on June 6th, 2019, hosted by Stan Stahl, PhD.
Slides: The California Consumer Privacy Act (CCPA), Part 3: Minimum Reasonable Security Practices
