CCPA Security FAQs: Can employees bring a class action under the CCPA following a data breach?

Employing people in California now has one more risk, they might sue you if there’s a data breach…:

“Consumers” can bring suit under the CCPA if they can prove the following five elements:

  1. A business incurred a data breach;
  2. The data breach involved a sensitive category of information identified in California Civil Code Section 1798.81.5;
  3. The business had a legal duty to protect the personal information from breach;
  4. The business failed to implement reasonable security procedures and practices; and
  5. The business’s failure resulted in (i.e., caused) a data breach.

While the common definition of “consumer” suggests that it refers to an individual that has “consumed” a product or a service in relation to a company, the definition ascribed by the CCPA is far broader.  The term is defined to include any “natural person who is a California resident.”1  Read literally, the phrase includes not only an individual that consumes a product (e.g., a customer of a store), but also that store’s California-based employees, and California-based business contacts or prospective customers.

[…]

Read the original article here