Morgan Lewis partner Mark Krotoski was quoted in a Legaltech News article about what the privacy and cybersecurity industry will likely see in 2021. In the piece, Mark discussed the questions that remain as the new year begins.
“An unanswered question under the CCPA is what constitutes ‘reasonable security procedures and practices’?,” Mark said in the article. “The CCPA and regulations do not provide any guidance. Yet the CCPA provides that companies can defend against a private right of action by showing any ‘unauthorized access and exfiltration, theft, or disclosure’ to personal information was not ‘a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices.’ … Until there is guidance on this reasonableness standard, courts will wrestle with and may apply different standards.”
Read the full Legaltech News article >>
Subscription may be required.