Why This Privacy Law is Important:
The California Consumer Privacy Act (CCPA) has been cited for the second time in litigation and we’re seeing the importance of deleting personally identifiable information (PII) in accordance with regulatory requirements to avoid negligence claims. Under the CCPA, failure to delete data can result in fines up to $7,500 per violation.
The CCPA made it’s second appearance in litigation via a proposed class-action lawsuit filed in California Federal Court, Fuentes v. Sunshine Behavioral Health Group LLC (C.D. Cal. March 10, 2020). This complaint accuses Sunshine Behavioral Health of allowing patients’ information to be accessed via internet search engines. This is not only a violation of CCPA, but also of HIPAA (the Health Insurance Portability and Accountability Act).
This class action lawsuit was brought on behalf of 3,500 patients whose PII may have been accessed during the breach. The time frame of when the data may have been vulnerable is thought to have begun as early as March of 2017, but was not disclosed until January 21, 2020. The PII included…
- Patient Names
- Credit Card Numbers
- Medical Information
- Social Security Numbers
Download the Resource