Seems you don’t have to wait long these days before hearing about yet ANOTHER massive data breach in the news. Reports about hackers using malicious software to steal credit and debit card numbers from a store’s holiday shoppers, employees stealing or losing corporate laptops containing private information, or servers being hacked.
These breaches put sensitive, private information of thousands of people (or more!) at risk. Highly personal financial, health and identity data become accessible to criminals who may sell it on the black market over the dark web. Victims of these breaches become victims of identity theft and can struggle for years to restore their credit scores and reputations.
In September of 2018, California passed a significant new consumer privacy law, the California Consumer Privacy Act (CCPA), which is the first U.S. law to regulate how businesses with a presence in CA collect, share, and use consumer data. The CCPA not only imposes significant compliance obligations on companies conducting business with California residents but also incentivizes class action litigation through both the CCPA’s private right of action and California’s Unfair Competition law. Enforcement of the CCPA law begins January 1, 2020.
Under the CCPA, companies that sell consumer data to third parties will need to disclose that practice and give consumers the ability to opt out of the sale by supplying a link titled “Do Not Sell My Personal Information” on the business’s home page. This is known as the right to “opt out.” The Act further provides that a business must not sell the personal information of consumers younger than 16 years of age without that consumer’s affirmative consent (or, for consumers younger than 13 years of age, without the affirmative consent of the consumer’s parent or guardian). This is known as the right to “opt in.”
Consumers also have the right to request certain information from businesses, including, for example, the sources from which a business collected the consumer’s personal information, the specific pieces of personal information it collected about the consumer, and the third parties with which it shared that information.
The CCPA also forbids businesses from “discriminating” against consumers for exercising their privacy rights under the Act. Businesses cannot deny goods or services, charge different prices for goods or services, or provide a different quality of goods or services to those consumers who exercise their privacy rights.
If you’ve been the victim of ID theft, you probably already know all too well what we’re talking about. It can take years of hassle to get things straightened out. Some financial problems may never be fully resolved, and there’s always the concern of more harm occurring down the line. Even if you haven’t discovered identity theft – being the victim of a data breach means fear will always be present. You may be left to forever wonder “What if someone uses my information illegally sometime in the future?” – and that isn’t fair to you.
Our San Francisco law firm — Righetti • Glugoski, P.C. — can help. Our lawyers have a nationwide reputation for prosecuting class actions holding companies accountable for data breaches and other violations of consumer privacy. We represent people who have had their information lost or stolen, helping them recover compensation for the harm they’ve experienced.
If you believe your information has been leaked as part of a data breach, please contact an attorney at our firm to get help. Call us by phone at 415-983-0900 or 800-447-5549. If you prefer, you can contact us online by completing a short form.