- 1798.100 – Consumers right to receive information on privacy practices and access information
- 1798.105 – Consumers right to deletion
- 1798.110 – Information required to be provided as part of an access request
- 1798.115 – Consumers right to receive information about onward disclosures
- 1798.120 – Consumer right to prohibit the sale of their information
- 1798.125 – Price discrimination based upon the exercise of the opt-out right
January 14, 2021
3:21-cv-01092-LAB (originally 3:21-cv-00376)
USDC Southern District of California
Yick, et al.
Putative class action against a bank. Defendant is alleged to have breached its duty under the CCPA to implement and maintain reasonable security procedures (e.g. use of EMV chip technology) sufficient to protect PII (including names, account numbers, credit or debit card numbers, in combination with security codes or passwords) resulting in unauthorized access, disclosure, and theft of PII. Complaint alleges a violation of the CCPA § 1798.150(a): failure to implement and maintain reasonable security procedures sufficient to protect PII. Plaintiffs also bring various claims for violations of CA's Unfair Competition Law, violations of Electronic Funds Transfer Act (15 U.S.C. § 1693 et seq.), negligence, negligence performance of contract, negligent failure to warn, breach of contract, breach of implied contract, breach of the implied covenant of good faith and fair dealing, and breach of contract (third-party beneficiaries.) Transferred from USDC Northern District of California to USDC Southern District of California.