In Third Annual Report, Akin Synthesizes CCPA Litigation Trends, Enforcement and Compliance Insights
Contact:
Akin is pleased to release its annual CCPA Litigation and Enforcement Report, looking back at the third year of civil litigation and administrative enforcement related to the California Consumer Privacy Act (CCPA) and distilling salient points from more than 300 actions into key takeaways for businesses to evaluate and mitigate risks. The report also previews emerging trends in U.S. consumer litigation and regulatory enforcement in 2023.
Key findings of the new report include:
- More than 80% of CCPA suits brought in 2022 corresponded to a breach notice filed with the California attorney general (AG). Businesses that report a data breach to the AG have about a 15% chance of subsequently facing consumer litigation.
- Large data breaches were the source of the majority of the CCPA lawsuits, with more than half of the CCPA actions initiated in 2022 stemming from data breaches allegedly impacting the personal information of 100,000 or more people.
- For the third year in a row, businesses in the financial services industry are the most likely to face a CCPA claim, with one-third of all CCPA claims initiated in 2022 targeting the industry.
“When the CCPA became effective, businesses had no visibility into how active the litigation or enforcement landscape would be,” said Akin cybersecurity, privacy & data protection practice co-leader Natasha Kohne. “We created this report to provide clients and their boards with tangible data to support the business case for investing in privacy and data security compliance.”
Added co-leader Michelle Reed, “After three years in effect, we’re seeing a cottage industry of CCPA litigation emerge under the consumer private right of action. Understanding plaintiffs’ strategies and targets—and which defenses are gaining traction—will help businesses operationalize CCPA requirements in the most meaningful and defensible way possible.”
The report highlights Kohne and Reed’s deep experience in CCPA enforcement, compliance, investigations and litigation. Lauren York and Molly E. Whitman, counsel in Akin’s cybersecurity, privacy & data protection practice, spearheaded the report, which synthesizes observations and analyses from associate Tina Jeffcoat and additional contributors across the firm. The team is part of Akin’s multidisciplinary privacy group, which blends Akin’s vast experience across commercial litigation, regulatory, lobbying and public policy, corporate, investment management, and more.
For a copy of the full report, please register here.
For analysis on last year’s report, listen to the OnAir with Akin Gump episode (here) and follow the Akin Data Dive blog for regular updates and additional content.
About Akin’s Cybersecurity, Privacy & Data Protection Practice
Akin’s Chambers USA-ranked cybersecurity, privacy & data protection practice understands the unique needs of businesses and has extensive experience helping clients navigate the myriad government regulations pertaining to data privacy and security. The team stands ready to advise on existing and emerging data privacy regulations and statutes, lead breach investigations, execute on statutory breach notification requirements, engage with law enforcement where appropriate, serve as litigation and/or regulatory enforcement counsel and advise on cutting-edge emerging technologies.
Akin is a leading international law firm with more than 900 lawyers in offices throughout the United States, Europe, Asia and the Middle East.
###