Akin Gump’s Second Annual CCPA Report Finds Uptick in Claims with Trend Towards Settlement

Akin Gump today released its annual “CCPA Report” looking back at the second year of civil litigation related to the California Consumer Privacy Act (CCPA) and analyzing the more than 200 cases that pushed the interpretive limits of the groundbreaking regulation since its inception. The report also previews what to expect in U.S.-based data privacy legislation and litigation throughout the remainder of 2022 and beyond.

Key findings of the new report include:

  • There has been a marked uptick in claims involving unauthorized theft and/or disclosure of personal information relating to data breaches.
  • Settlements of CCPA class actions have trended towards claims-made instead of lump sum.
  • Businesses have been held responsible for a widening range of claims stemming from breaches involving service providers.
  • Judges have finally shed light on critical CCPA terms as cases reached the motion to dismiss stage in the past year.
  • The CCPA has inspired other states to enact their own consumer data privacy statutes.

“Compared to 2020, we have seen an increase in not only CCPA claims but also claims that now extend to service providers,” said Akin Gump cybersecurity, privacy and data protection practice co-head Natasha Kohne. “We also are starting to see how judges are interpreting certain CCPA provisions and it will be important going forward to see how these are applied particularly as it relates to service providers and whether they, in addition to businesses, can be held liable under the CCPA.”

Added fellow cybersecurity, privacy and data protection practice head Michelle Reed, “When looking at the consolidated data in the report, it is clear that data breaches are continuing to affect businesses in all industries and that Plaintiffs are actively using new statutes, like the CCPA, to pursue claims against businesses as well as vendors that provide outsourced services. Now more than ever, it is important for businesses to understand their obligations under the CCPA, and similar statutes, to properly guard against these data breaches and subsequent lawsuits.”

To read the report in its entirety, please click here.

For analysis on last year’s report, listen to the On Air with Akin Gump episode here, and follow the Akin Gump Data Dive blog for regular updates and additional content.

About Akin Gump’s Cybersecurity, Privacy and Data Protection Practice

Akin Gump’s cybersecurity, privacy and data protection practice understands the unique needs of businesses and has extensive experience helping clients navigate the myriad government regulations pertaining to data privacy and security. The team stands ready to advise on existing and emerging data privacy regulations and statutes, lead breach investigations, execute on statutory breach notification requirements, engage with law enforcement where appropriate, and serve as litigation and/or regulatory enforcement counsel.

Akin Gump Strauss Hauer & Feld LLP is a leading international law firm with more than 900 lawyers in offices throughout the United States, Europe, Asia and the Middle East.

# # #