Actions and Fines For Violations of the CCPA

The CCPA could easily end up costing unprepared companies millions of dollars in civil penalties and statutory damages. So what are the penalties?

  • For noncompliance, the penalties per violation are $2500 (if unintentional) or $7500 (if intentional).

  • And if a consumers' personal information is exposed in a data breach, consumers can sue for $100-$750 per incident—or greater if the actual damages exceed $750.

  • The CA Attorney General has the authority to bring action for up to $2,500 for any violation of CCPA. Damages are calculated on a per-capita basis. For example, if a violation affects 1,000 users, damages could rise to $2,500,000. For violations viewed as intentional, the Attorney General’s office may bring an action for up to $7,500 for any violation of the CCPA. The same 1,000 users could be awarded damages of $7,500,000.

Note: even if you’re not based in California, your firm may be affected if you have customers or employees based there.