Security Breaches

Information Security Breaches

Companies holding our personal data is part of modern life. Sometimes those companies fail to secure our data from hackers or insiders, and expose us to identity theft or other threats. States have passed laws to ensure companies disclose security breaches and have incentives to take reasonable measures to protect our data.

Duty to Disclose Security Breaches

Companies that conduct business in California, and own or license personal data, must "disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California whose [] personal information was, or is reasonably believed to have been, acquired by an unauthorized person [] within 30 calendar days of discovery or notification of the data breach" unless the delay is required "to accommodate the legitimate needs of law enforcement." Cal. Civ. Code § 1798.82. California law defines personal data as consumers’
  • name, combined with a Social security number, unique identification number issued on a government document (like a driver’s license number), account number (together with any required access code or password that would permit access to an individual’s financial account), medical information, health insurance information, unique biometric data, or genetic data; or
  • email address, combined with a password or security information that would permit access to a consumer’s account)
Consumers can bring a private right of action for violations of § 1798.82 for damages and injunctive relief. Cal. Civ. Code § 1798.83.

Duty to Protect Data from Security Breaches

California law also provides consumers whose personal data accessed, disclosed, or stolen by unauthorized parties "as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature" of their data a private right of action for statutory damages and injunctive and declaratory relief. Cal. Civ. Code § 1798.150. Again, California law defines personal data as consumers’
  • name, combined with a Social security number, unique identification number issued on a government document (like a driver’s license number), account number (together with any required access code or password that would permit access to an individual’s financial account), medical information, health insurance information, unique biometric data, or genetic data; or
  • email address, combined with a password or security information that would permit access to a consumer’s account)
Cal. Civ. Code §§ 1798.81.5.

For More Information, Contact Preston Law Offices Today

If your data was stolen in an information security breach, your rights may have been violated. Preston Law Offices will evaluate whether you are eligible to participate in a class action, explain your options, and work to ensure the companies holding your data comply with the law. Since 2009, Preston Law Offices has represented individuals and small businesses in a broad range of class actions, focusing on borrower rights, privacy, and unfair trade practices. Courts have appointed Preston Law Offices as lead class counsel, and Preston Law Offices has obtained recoveries for hundreds of thousands of class members. To learn more, contact us today. We will evaluate your situation to determine whether you have a case.