- 1798.100 – Consumers right to receive information on privacy practices and access information
- 1798.105 – Consumers right to deletion
- 1798.110 – Information required to be provided as part of an access request
- 1798.115 – Consumers right to receive information about onward disclosures
- 1798.120 – Consumer right to prohibit the sale of their information
- 1798.125 – Price discrimination based upon the exercise of the opt-out right
May 04, 2021
USDC Northern District of California
Harbour and Wisnesky, et al.
Putative class action against a file transfer service provider, health care insurance provider, and health care service provider. Defendants are alleged to have failed to protect the sensitive personal and health information (including but not limited to names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers, bank account and routing information, and sensitive personal health information) of the health care insurance provider's members, resulting in unauthorized access by third parties. The data breach is alleged to have occurred between January 7, 2021 and January 25, 2021. Members were notified of the data breach on or about March 24, 2021. Complaint alleges a violation of the CCPA §§ 1798.100, et seq.: failure to implement and maintain reasonable security measures sufficient to protect Plaintiff consumers' information. Plaintiffs also bring various claims for negligence, negligence per se, breach of implied contract, violation of CA's Confidentiality of Medical Information Act (Cal. Civ. Code §§ 56 et seq.), violation of CA's Customer Records Act (Cal. Civ. Code §§ 1798.80, et seq.), violation of CA's Unfair Competition Law (incorporating the CCPA under the "unlawful" business practice prong, Cal. Bus. & Prof. Code §§ 17200, et seq.), invasion of privacy (intrusion upon seclusion), violation of the CA Constitution (Art. 1, § 1), and a request for declaratory relief.