- 1798.100 – Consumers right to receive information on privacy practices and access information
- 1798.105 – Consumers right to deletion
- 1798.110 – Information required to be provided as part of an access request
- 1798.115 – Consumers right to receive information about onward disclosures
- 1798.120 – Consumer right to prohibit the sale of their information
- 1798.125 – Price discrimination based upon the exercise of the opt-out right
February 19, 2021
USDC Central District of California
Trevino, et al.
Putative class action against a company that provides address verification services and payment processing. Defendant is alleged to have failed to protect plaintiffs' PII from unauthorized disclosure and theft in a ransomware attack. Data breach is alleged to have occurred in February 2021. Complaint alleges a violation of the CCPA § 1798.100, et seq.: failure to implement and maintain reasonable security measures to sufficiently protect plaintiffs' PII. Plaintiffs also bring various claims for violations of the Driver's Privacy Protection Act ("DPPA") (18 U.S.C. §§ 2721, et seq.), breach of contract (plaintiffs as intended third-party beneficiaries), and invasion of privacy and violation of the CA Constitution (Art. I, § 1).