Brace For Class Actions Following CA’s Privacy Law

In addition to mandating enforcement by the state attorney general, California’s sweeping new privacy law creates a private right of action for some violations. Because of the latter, it’s likely to spawn a substantial amount of class action litigation following data breaches. Indeed, says this post in the Class Defense Blog from Mayer Brown, “the statute appears designed to facilitate the filing of these class actions because it offers the plaintiffs’ bar a vehicle for trying to circumvent a hurdle facing many privacy lawsuits brought in federal courts—the Article III requirement of injury-in-fact.” Potential defendants in these lawsuits may benefit from an unusual feature of this statute, however. It mandates a brief time window (30 days) in which to initiate corrective action – one more reason, this post notes, that companies should have an effective cyber incident response process that is capable of being activated on short notice.