Companies may incur liability for a data breach if it causes customers harm or financial loss. Protecting customers’ private information has become a priority forcing many businesses to reconsider their IT outsourcing strategies.
California legislators responded to voters by enacting laws to hold companies accountable for a breach of private data. As noted by the International Association of Privacy Professionals, a company may face civil penalties if a data breach or hack results in the loss of their customers’ sensitive information.
Personal information gets protected through the California Privacy Rights Act
Set to take effect on Jan. 1, 2023, the California Privacy Rights Act requires companies to disclose to customers their process for collecting personal information. This includes information about a customer’s race, ethnicity, finances, location and health.
Under the Act, customers have a right to opt out of a company’s data collection process and delete their data stored on a website or database. California residents may sue a business collecting sensitive information without their consent or selling private data to a third party. Sharing or exchanging personal data without receiving money may also constitute a breach of privacy and lead to a legal action.
Breach of privacy lawsuit settles for $650 million
A popular technology company based in California faced a class-action lawsuit alleging a breach of privacy over its digital face-tagging features. The complaint claimed the company used consumers’ biometric data without their consent to tag their names in pictures uploaded by other users. As reported by U.S. News and World Report, the company settled with the class for $650 million, which is purportedly the largest in the nation for a privacy violation.
Hackers may steal data from a company’s website or online database. When it results in a loss of sensitive information, the CPR Act may allow California residents to hold companies liable for damages.