Unfortunately, data breaches are an all-to-common occurrence in today’s modern world. Where so much of our most precious information is stored online, data breaches can be a very real source of confusion, concern, and crisis.

First of all, California companies must provide notice of data breaches to the victims. The notice must include the basic information regarding the breach, including, but not limited to, what information was breached, the date of the breach, and an offer to provide free identity theft prevention and mitigation services for a year. 

If you are victim of a data breach, you may be entitled to more than just notice. The California Consumer Privacy Act provides for monetary damages of $100-$750 per victim per incident or actual damages, whichever is greater.  (Cal. Civil Code § 1798.150.)

To determine what a the actual damages might be, the following items may be considered:

• Reimbursement of fraud losses for victims;
• Reimbursement of out-of-pocket costs incurred, such as credit monitoring fees, credit report fees, or credit freeze fees that victims incurred;
• Compensation for victims’ time spent responding to the breach; and
• Credit monitoring and identity theft insurance moving forward.