Effective January 1, 2020, the California Consumer Privacy Act imposes liability on businesses for a data breach that results from the failure to maintain reasonable security procedures and practices.  The CCPA’s liability for such a data breach can be daunting, up to $750 per person.  Accordingly, since the CCPA’s enactment, compliance practitioners have advised their clients to shore up their cybersecurity. The CCPA, however, does not define “reasonable” and judges and litigators will have to interpret and apply this standard in Court.   Here’s a litigator’s look at the CCPA’s “reasonable” standard.


Hyman, S.J. & Walser-Jolly, G., Farrell, E., “What is a Reasonable Security Procedure and Practice under the California Consumer Privacy Act’s Safe Harbor”, 73 Conf. Cons. Fin. L. Q. 73-3 (Winter 2020)