small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniDiversity, Equity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Insights & News

Webinar

Defending CCPA’s “Reasonable” Safeguards Standard Against an Unreasonable Plaintiff’s Bar

Webinar

Defending CCPA’s “Reasonable” Safeguards Standard Against an Unreasonable Plaintiff’s Bar

1 Min Read

Related Locations

Related Capabilities

September 16, 2019

The California Consumer Privacy Act (CCPA), which is set to go into effect on January 1, 2020, will disrupt the U.S. privacy regulatory regime in many ways; most notably, through its private right of action and statutory damages (up to $750 per affected consumer per incident) relating to security breaches, along with the section of the law requiring covered entities to use “reasonable security procedures and practices” to protect stored personal data. However, while the stakes for companies storing California residents’ personal data are high, the CCPA does not specify what security measures are necessary to meet the “reasonable” threshold. Therefore, the combination of this vague standard and high statutory penalties almost certainly means that the private right of action will be heavily utilized by the plaintiff’s bar through class action lawsuits. As such, CCPA is set to follow in the footsteps of other frequently litigated privacy laws like the Telephone Consumer Protection Act (TCPA) and the Illinois Biometric Information Privacy Act (“BIPA”), where American corporations can suddenly find themselves subject to “bet the company” litigation based on laws with high statutory penalties and private rights of action that do not, generally speaking, require allegations of actual harm for plaintiffs to bring claims.

On September 16, 2019, Sean Wieber, Alessandra Swanson, and Eric Shinabarger of Winston & Strawn’s Chicago office, and Becky Troutman of Winston & Strawn’s San Francisco office, presented the second webinar in a series that examines the landscape of “Regulated Personal Information” and provides insights on how to approach the risks presented by these laws. In particular, this webinar covered:

  • CCPA’s “reasonable” safeguards requirement and how it relates to California’s existing breach notification law
  • An overview of common information security safeguard standards that may be used to assess “reasonableness”
  • CCPA’s private right of action and how it may mimic the current TCPA and BIPA litigation landscape
  • Pending CCPA-like state laws that include private rights of action
  • Practical steps to take now to address and mitigate potential risks, including through reviewing and revising commercial contracts

Contact Winston & Strawn for more information about this event. 

Related Professionals

Related Professionals

Sean G. Wieber

Alessandra Swanson

Eric Shinabarger

Becky Troutman

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2024. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceEqual Rights AmendmentLaw GlossaryNew Administration: The Transition Period UpdateWinston MinutePrivacy PolicyCookie PolicyNoticesSubscribeAttorney Advertising