On Feb. 3, plaintiff Bernadette Barnes filed a class action lawsuit hoping to be the first case to rely on the new California Consumer Privacy Act (CCPA). The complaint was filed over a data breach that allegedly occurred before the CCPA’s Jan. 1, 2020, effective date.

Given this timing, this case will not test the limits of the CCPA; it is a false alarm.

However, the complaint foreshadows how plaintiffs are likely to rely on the CCPA and what steps businesses should take to be prepared.

The Allegations

Barnes alleges that hackers infected Hanna Andersson’s e-commerce platform, operated by Salesforce.com, with malware that compromised customers’ names and credit card information. The plaintiff claims that both defendants lacked reasonable procedures to protect customers’ personal information, pursuing claims for negligence, declaratory relief, and a violation of California’s Unfair Competition Law.

The lawsuit do not expressly bring a claim under the CCPA. Instead, it claims unspecified CCPA rights and alleges that the issue of whether the defendants violated the CCPA by failing to maintain “reasonable security procedures” is a common class issue.

Read the full article in Bloomberg Law here.