CCPA Cases Filed

CCPA Cases Filed Are on the Rise: Data Privacy Trends

Who says that data privacy, litigation and eDiscovery don’t mix? According to a report published yesterday, CCPA cases filed are on the rise, and rising considerably!

According to Legaltech News® (Plaintiffs Are Filing More Cases Under California’s Influential Consumer Privacy Law, written by Jennifer Mach), the California Consumer Privacy Act (CCPA) has only been in effect since 2020, but the number of lawsuits claiming businesses have violated it is climbing quickly—and they’re cropping up well beyond the borders of the Golden State.

There were 145 CCPA cases filed last year to enforce provisions under California’s Consumer Privacy Act, a 60% increase from the 91 filed in 2020.


That’s according to a report published Wednesday by Akin Gump Strauss Hauer & Feld, which found that the jump in litigation was also accompanied by a shift in strategy.

In 2020, more than half the consumer-based class action lawsuits brought under the CCPA failed to meet this requirement. But that first year of court rulings evidently guided plaintiffs in the right direction: Most of the CCPA cases filed in 2021 included claims that plaintiffs’ personal information was disclosed or stolen via a data breach.

Lawsuits alleging violations of the California law were also filed across the country, pending at one point in 33 courts across 20 states, according to the report.

The law applies to entities doing business in California even if their primary place of business is in another jurisdiction, “The CCPA doesn’t define what doing business in California means,” said Michelle Reed, a Dallas-based partner at Akin Gump who co-authored Wednesday’s report.


Under the law, which gives California consumers a number of unprecedented data protections, including the right to know what personal data businesses have collected on them and the right to prohibit the sale of that data, plaintiffs are permitted to bring a civil action only if their personal data is breached due to a business failing to implement reasonable security procedures and practices.

Like California, Colorado, Virginia and Utah already have enacted their own laws, but (unlike California) none allows private plaintiffs to sue. Other states may be considering that provision in their own eventual privacy laws. Expect the landscape to continue to change, and data privacy lawsuits to continue to rise!

The article and the Akin Gump report have a lot more information on the topic, so check them out!

So, what do you think?  Do you expect the number of CCPA cases filed to continue to rise? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leave a Reply