CCPA provides that consumers may seek statutory damages of between $100 and $750, or actual damages if greater, against a company in the event of a data breach of non-redacted and non-encrypted personal information that results from the company’s failure to implement reasonable security.
To mitigate the risk of this increased exposure, companies need to take key steps to ensure they have implemented reasonable security procedures and practices.
The CCPA does not define “reasonable security.” National Law Review – Jaime B. Petenko | January 21, 2020