- 1798.100 – Consumers right to receive information on privacy practices and access information
- 1798.105 – Consumers right to deletion
- 1798.110 – Information required to be provided as part of an access request
- 1798.115 – Consumers right to receive information about onward disclosures
- 1798.120 – Consumer right to prohibit the sale of their information
- 1798.125 – Price discrimination based upon the exercise of the opt-out right
January 27, 2021
USDC Northern District of California
Bitmouni, et al.
Putative class action against company that provides online payment services for merchants. Defendant is alleged to have failed to properly secure PII (including names, contact details, social security numbers, and bank account information) from unauthorized access via one of its websites. Defendant is alleged to also have failed to provide sufficient notice to customers that their PII had been exposed. The data breach occurred between May 13, 2018 and December 16, 2020. Complaint alleges a violation of CCPA § 1798.150(a): Failure to implement and maintain reasonable security procedures sufficient to protect PII. Plaintiffs also bring various claims for negligence, breach of implied contract, invasion of privacy, breach of confidence, and violation of CA's Unfair Competition Law § 17200 et seq.