On the heels of California’s enactment of the California Consumer Privacy Act (CCPA)in 2020, California businesses will need to comply with all requirements of the CaliforniaPrivacy Rights Act (CPRA) effective January 1, 2023. The CPRA expands the currentCCPA private right of action by authorizing consumers to bring lawsuits arising fromdata breaches involving additional categories of personal information and is arguablythe strictest data privacy law in the United States, which places California privacy lawcloser, in many respects, to Europe’s GDPR. With potential statutory damages rangingfrom $100 to $750 per consumer per incident, and breaches often involving hundreds ofthousands or even millions of users, these types of claims will almost certainly lead to asharp rise in class action litigation.Virginia, Colorado, Connecticut, and Utah likewise enacted sweeping data privacy lawsthat will roll out in 2023. These laws are all similar in structure, but unlike California’sstatute, which allows an individual to sue a company for alleged violations, enforcementwill be left to the respective state attorneys general.Each of these laws provides for expanded consumer rights related to their data,including: (i) Right of access (i.e., allows for a consumer to access from a business/datacontroller the information or categories of information collected about a consumer); (ii)Right of deletion (i.e., right for a consumer to request deletion of personal information14© Duane Morris LLP 2023Duane Morris Privacy Class Action Review – 2023
It seems that your browser's pop-up blocker has prevented us from opening a new window/tab. Please click the button below to open the link manually.
Table of contents
2
3
4
6
7
11
12
14
16
20
22
25
26
27
33
36
38
40
