The California Consumer Privacy Act (the “CCPA”) is a privacy law that provides consumer protection for residents of California. The CCPA will go into effect on January 1, 2020, and applies to any for-profit business that collects consumer data, does business in California, and meets one of the following criteria:
- Has an annual gross revenue in excess of $25,000,000;
- Holds personal information of 50,000 or more consumers, households, or devices; or
- Derives more than half of its annual revenue from selling consumers’ personal information.
Similar to privacy laws like the European GDPR, the CCPA regulates how a business collects, uses, and discloses almost any kind of information about an individual. However, the CCPA is much broader than previously enacted privacy legislation. In addition to the regulatory fines and penalties that can be brought by the Attorney General of California, individual California residents are now able, under the new law, to bring class action lawsuits against a business for data breaches. Individuals whose data has been breached are not required to demonstrate proof of loss in order to bring suit against a company. Additionally, the CCPA significantly broadens the definition of personal information, thereby increasing the likelihood that a data breach will be subject to the new legislation.
If your company is subject to the CCPA, there are many reasons ($$$) to take compliance seriously. Violations of the CCPA may result in significant fines and penalties. Any class action brought against your company, as permitted under the CCPA and resulting from your failure to maintain reasonable security standards in the event of a data breach, could result in statutory penalties of $100 - $750 per affected California resident (even if there is no proof of loss) as well as actual damages. Prior to the CCPA, this right did not exist for breaches involving California residents. Similarly, the Attorney General of California may enforce the CCPA to the tune of $2,500 per individual violation and $7,500 for each intentional violation. All told, the costs of a data breach can be staggering, and even existential, to your business.
This is precisely why all businesses should consider purchasing cyber insurance. Coalition’s comprehensive cyber insurance policy covers security failures and data breaches involving the personal information of CA residents, and our policy will respond by paying breach response costs, claim expenses, and any resulting damages. Similarly, Coalition’s policy responds by paying on your behalf claim expenses and regulatory penalties from a regulatory proceeding, or class action, arising from a security failure or data breach. This includes the associated costs to defend yourself and damages resulting from a class action lawsuit or alleged violation of the CCPA. Better yet, Coalition’s coverage applies to all similar privacy legislation automatically, so you are covered should other states follow suit with new regulation of their own.
Coalition is able to provide this coverage at full policy limits (up to $10 million) and at highly competitive rates.
If you’re ready to get covered, consider asking your broker for a quote from Coalition!