The California Consumer Privacy Act CCPA, Part 3: Minimum Reasonable Security Practices

Host: Stan Stahl, Ph.D., President SecureTheVillage and Citadel Information Group

Stan’s Guest: Rachel Capoccia, Partner, Jeffer Mangels Butler & Mitchell

The California Consumer Privacy Act (CCPA) private right of action establishes statutory damages of between $100 and $750 per incident for consumers whose personal information has been compromised by a breach of personal information resulting from the business’ “violation of the duty to implement reasonable security procedures and practices appropriate to the nature of the information to protect the personal information. (CA Civil Code Section 1798.150(a)(1)).

This increases the importance to a company that it have and maintain appropriate reasonable security procedures and practices. And yet, there is as yet, no established legal definition of reasonable security procedures and practices.

While we may not be able to say what is reasonable, SecureTheVillage believes there are practices so basic that a failure to implement them is prima facie evidence that the security practices are not reasonable.

Join Stan and Rachel as they discuss these Minimum Reasonable Security Practices.