- 1798.100 – Consumers right to receive information on privacy practices and access information
- 1798.105 – Consumers right to deletion
- 1798.110 – Information required to be provided as part of an access request
- 1798.115 – Consumers right to receive information about onward disclosures
- 1798.120 – Consumer right to prohibit the sale of their information
- 1798.125 – Price discrimination based upon the exercise of the opt-out right
March 26, 2021
USDC Central District of California
Atachbarian, et al.
Putative class action against a company that provides address verification services and payment processing. Defendant is alleged to have failed to protect plaintiffs' PII (names, addresses, license plate numbers, and vehicle identification numbers) from unauthorized disclosure and theft in a ransomware attack. The alleged data breach occurred on or about February 3 and 4, 2021. Complaint alleges a violation of the CCPA § 1798.100, et seq.: failure to implement and maintain reasonable security procedures sufficient to protect plaintiffs' PII. Plaintiffs also bring various claims for violations of the Driver's Privacy Protection Act (18 U.S.C. §§ 2721, et seq.), and invasion of privacy (CA Constitution, Art. 1, § 1).