If there’s the slightest chance that one of your customers is a Californian resident, given the litigious nature of our West Coast friends I suggest you review your liabilities and insurance cover in time for January…:
When the California Consumer Privacy Act (“CCPA”) takes effect in January 2020, California will become the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages of between $100-$750 per incident, even in the absence of any actual harm. The class actions that follow are not likely to be limited to California residents, but will also include non-California residents pursuing claims under common law theories. A successful defense will depend on the ability of the breached business to establish that it implemented and maintained reasonable security procedures and practices appropriate to the nature of the personal information held. The more prepared a business is to respond to a breach, the better prepared it will be to defend a breach lawsuit.