While United States lacks comprehensive federal general data protection law or general privacy laws, US has some vertical integrated federal laws. Also, the new generation of privacy first laws were introduced or pending in some states. California has recently passed a new general privacy law, which commonly referred as CCPA. It provides for much needed fundamental privacy rights, including right to opt-out "Do Not Sell My Personal Data", "Right to private action" to claim up to $750 in compensation for data breach and few other rights.
Check for free if your personal information was compromised and if you may be eligible for compensation.
The California Consumer Privacy Act of 2018 (CCPA) is the major law advocating for strong protection for consumers personal data. It covers personal information collected online or offline and is not limited to any types of information.
The CCPA has a global impact, since most IT companies are based in California. The law brings major new rights such as “Do not sell my data” and “Private right of action for compensation” in case of data breach and few rights below.
CCPA is effective on January 1, 2020, but enforcement shall start on July 1, 2020. But you can request and organizations must provide consumers with information regarding the preceding 12-month period.
The CCPA protects individual consumers that are residents of California and excludes employees from its scope. Resident is defined as any individual who is living in the state on a permanent basis even if the person is away temporarily.
CCPA only applies to any commercial businesses that do business in California and have either 50K California users or annual sales more than $25 million, or get 50% revenue from selling data.
Exception: the law does not apply to public bodies and institutions, non-for-profit organizations.
Yes, you can claim compensation for material or non-material damages (distress or inconvenience) even if you have not suffered any loss yet. However, not every data breach occurrence will allow for compensation and your case must be reviewed by professionals. If you know your information was leaked, you should report this case to the company directly and/or by submitting a request with us as soon as you can to minimize risk of identity theft and unauthorized disclosure.
Your data breach compensation claim can range from $100 to $750 per consumer or incident (as a compensation for inconvenience), or actual damages, whichever is greater.
Amount of compensation will be decided by court and will depend on many factors, including:
Above shall not be confused with compensation for identity theft. If you had identity theft as a result of a data breach, this should increase amount of compensation.
3 years is the limitation period to file a claim for statutory compensation, also known as private right of action.
This has not been tested in court, but it is unlikely court will award compensation for information compromised prior to Jan 1. Based on the California Supreme Court’s decision in Aetna case businesses have a strong defence against such claim. However, CCPA does allow the right to request disclosure from business as to what and how your personal information was collected and used for the last 12 months prior to CCPA.
Personal information is broadly defined as any information that could reasonably be linked to any particular consumer or household. But for purposes of compensation claim information that was leaked must be:
No, CCPA also applies to a business established outside of California if it collects or sells California consumers personal information while conducting business in the state.
By law companies must notify consumers whose personal information was breached. However, according to recent surveys only 1 out of 2 Americans were notified about data breach. The law in California requires companies to electronically submit such notice to the Attorney General office if breach affected more than 500 California residents. DataClaim database has information from this e-register and other sources, we advise you to check if your data was compromised and if you may be eligible for compensation for free.
Information in public domain, encrypted, or anonymized data is excluded for purposes of compensation under the law. The CCPA also excludes some categories of personal information, such as medical data covered by other U.S. laws (HIPPA), personal information for clinical trials and personal information processed by credit reporting agencies. If your healthcare information was compromised, please submit a request to check compensation.
No, unfortunately CCPA protections only cover Californian residents, as most countries' privacy regulations are based on residence.
Currently the law provides this list of privacy rights:
Depending on the violation, the CCPA provides for civil penalties that can be $2,500 for each violation; or $7,500 for each intentional violation. This is separate and in addition to private claims for compensation.