Actions and Fines For Violations of the CCPA

The CCPA could easily end up costing unprepared companies millions of dollars in civil penalties and statutory damages. So what are the penalties?

  • For noncompliance, the penalties per violation are $2500 (if unintentional) or $7500 (if intentional).

  • And if a consumers' personal information is exposed in a data breach, consumers can sue for $100-$750 per incident—or greater if the actual damages exceed $750.

  • The CA Attorney General has the authority to bring action for up to $2,500 for any violation of CCPA. Damages are calculated on a per-capita basis. For example, if a violation affects 1,000 users, damages could rise to $2,500,000. For violations viewed as intentional, the Attorney General’s office may bring an action for up to $7,500 for any violation of the CCPA. The same 1,000 users could be awarded damages of $7,500,000.

Note: even if you’re not based in California, your firm may be affected if you have customers or employees based there.

The information provided in this resource base and on the Datawallet website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided “AS IS;” no representations are made that the content is error-free.