On February 2, 2021, a California magistrate judge dismissed claims against a defendant tech company based on alleged violations of the California Consumer Privacy Act (CCPA) because the plaintiff admittedly failed to allege a security breach.
Based on these allegations, the plaintiff filed a class action complaint on August 5, 2020, and the defendant responded with a motion to dismiss on September 30, 2020. Last week, the judge dismissed the CCPA claim and partially dismissed the UCL claim to the extent it was based on an alleged CCPA violation because a security breach was not alleged in the case.
The CCPA confers a private right of action under Section 1798.150(a) if a business fails to maintain reasonable security procedures and practices and there is a security breach. The law specifically states, in relevant part, “[n]othing in this title shall be interpreted to serve as the basis for a private right of action under any other law.” Cal. Civ. Code § 1798.150(c).
Although the statute expressly precludes filing a lawsuit based on a CCPA violation not related to a security breach, it is anticipated that plaintiffs may attempt to circumvent this requirement by alleging the underlying CCPA violation under the UCL instead. Notably, the judge in this case rejected plaintiff’s attempt to do so, which casts doubt regarding the viability of this approach.
A link to the ruling is available here.
Click here to learn more about recently filed cases under the CCPA.