Categories: Legal

Retailer Hanna Andersson, Salesforce Are First Sued Under New California Privacy Law

In retailing it’s usually a good thing when you’re the first to do something. Except when it’s a lawsuit. And except when you’re the first retailer to get rung up under the new California Consumer Privacy Act (CCPA).

Although the law has only been in effect since Jan.1, the first-class action lawsuit alleging data breaches under the CCPA was filed on Feb 5. The plaintiffs are customers of children’s clothing company Hanna Andersson and The lawsuit was brought after Hanna Andersson announced on Jan. 15 that hackers stole customer names, credit card numbers and other personal information. The data was later found for sale on the dark web. Salesforce is part of the complaint because it hosted the Hanna Andersson eCommerce site. The complaint accuses Salesforce of allowing the site to be infected with malware, which is the prime suspect for the  data breach.

Neither Salesforce nor Hanna Andersson has commented or responded as yet to the complaint.

The CCPA is similar to the European Union’s General Data Protection Regulation (GDPR), which took effect in 2018. The California law is more specific and more punitive for breaches. The CCPA is intended to give consumers control over their personal information online. Under the law, consumers have the right to know what personal information companies are collecting about them, along with the right to block sale of that information and access to it if it has been collected. Consumers also have the right to ask companies about any and all data collected on them, and companies have to share that information when requested. If their requests are not accommodated, consumers can file suit.

In addition to the first lawsuit filed, companies in California are confronting the new reality of the CCPA. According to TechCrunch, i360, an advertising and data company, no longer asks for full Social Security numbers, opting instead for the last four digits. Verizon has asked its customers to upload their driver’s license or state ID to verify their identity. Comcast asks for the same, and adds an additional requirement asking customers for a selfie before it will turn over customer data.

In some ways the Hanna Andersson/Salesforce complaint is not a surprise. Security Boulevard research shows that as of Dec. 1, 2019, 91 percent of organizations covered under the law had not yet to completed all the CCPA-related workstreams. The potential punishments for non-compliance are steep. In the wake of a data breach, consumers can seek damages for weak data-security protections — up to $750 per consumer, per incident. A data breach that exposes the records of 10,000 customers could potentially cost a firm up to $7.5 million. Although there had been reports that the CCPA would not be enforced until July 1, prosecutors have ignored that.

“This is just the beginning of what will be a long list of CCPA-related lawsuits,” according to a Security Boulevard blog by Jingcong Zhao. “And while the cost of becoming CCPA-compliant may be steep, the cost of non-compliance will be much steeper.”

Hackers aren’t making compliance any easier. Reports have now surfaced about skimmers (hidden devices designed to steal credit card information), becoming more powerful online. Last week the first arrests were announced for eSkimming. Interpol, which helps coordinate police agencies in 194 countries, in late January said it had arrested three people from Indonesia who allegedly compromised hundreds of online shopping websites. It said the suspects stole payment card details and personal data such as names, addresses and phone numbers.

Get our hottest stories delivered to your inbox.

Sign up for the Newsletter to get updates on top stories and viral hits.


New PYMNTS Study: Subscription Commerce Conversion Index – July 2020

Staying home 24/7 has consumers turning to subscription services for both entertainment and their day-to-day needs. While that’s a great opportunity for providers, it also presents a challenge — 27.4 million consumers are looking to cancel their subscriptions because of friction and cost concerns. In the latest Subscription Commerce Conversion Index, PYMNTS reveals the five key features that can help companies keep subscribers loyal despite today’s challenging economic times.

Recent Posts

SEC Probes Timing Of Eastman Kodak’s Announcement Of $765M Loan

Eastman Kodak’s surprise announcement of plans to reinvent itself as a drug manufacturer has run afoul of the U.S. Securities…

9 mins ago

Intuit Inks Deal To Purchase Order Management Provider TradeGecko

Intuit, maker of QuickBooks, has inked a deal to purchase inventory and order management technology provider TradeGecko. The deal is…

26 mins ago To Trim Employee Roster By 25 Pct Globally

Booking Holding Inc., the Connecticut-based company that owns travel website, plans to reduce its workforce by as many as…

43 mins ago

Grab Launches Microinvestment Solution, Consumer Loans, BNPL Plans

Grab Financial Group (GFG), a Southeast Asia financial technology (FinTech) and ridesharing company, is expanding its reach with the announcement on…

55 mins ago

The State Of Main Street In 2020’s Second Half

The first half of 2020 was a tough time to run a small business on Main Street as stay-at-home orders…

2 hours ago

Today In Payments: Amex Grows BNPL Options; Facebook Unveils Commerce Accelerator Plans

In today’s top news, American Express has unveiled a new payment option, and Facebook has revealed plans for a Commerce…

2 hours ago