Employing people in California now has one more risk, they might sue you if there’s a data breach…:
“Consumers” can bring suit under the CCPA if they can prove the following five elements:
- A business incurred a data breach;
- The data breach involved a sensitive category of information identified in California Civil Code Section 1798.81.5;
- The business had a legal duty to protect the personal information from breach;
- The business failed to implement reasonable security procedures and practices; and
- The business’s failure resulted in (i.e., caused) a data breach.
While the common definition of “consumer” suggests that it refers to an individual that has “consumed” a product or a service in relation to a company, the definition ascribed by the CCPA is far broader. The term is defined to include any “natural person who is a California resident.”1 Read literally, the phrase includes not only an individual that consumes a product (e.g., a customer of a store), but also that store’s California-based employees, and California-based business contacts or prospective customers.