The CCPA could easily end up costing unprepared companies millions of dollars in civil penalties and statutory damages. So what are the penalties?
For noncompliance, the penalties per violation are $2500 (if unintentional) or $7500 (if intentional).
And if a consumers' personal information is exposed in a data breach, consumers can sue for $100-$750 per incident—or greater if the actual damages exceed $750.
The CA Attorney General has the authority to bring action for up to $2,500 for any violation of CCPA. Damages are calculated on a per-capita basis. For example, if a violation affects 1,000 users, damages could rise to $2,500,000. For violations viewed as intentional, the Attorney General’s office may bring an action for up to $7,500 for any violation of the CCPA. The same 1,000 users could be awarded damages of $7,500,000.
Note: even if you’re not based in California, your firm may be affected if you have customers or employees based there.