Lowenstein Sandler LLP

Mark P. Kesslen

Partner
Chair, Intellectual Property section of The Tech Group
Chair, IP Liti

Expertise

  • Corporate
  • Intellectual Property & Patents
  • Intellectual Property Litigation
  • Blockchain Technology & Digital Assets

WSG Leadership

Patent Law Workshop Group
Member

Lowenstein Sandler LLP
New York, U.S.A.

Profile

Mark loves innovators but loathes patent trolls. He applies that passion to bringing much-needed critical strategic guidance to tech-based companies. Mark devotes his practice to clients engaged in creating businesses, launching new products, and conducting M&A and venture capital transactions.

Mark's admiration for innovators was sparked during his years as a client of several law firms, including Lowenstein Sandler. He served as Chief IP, Technology & Sourcing Lawyer globally for JPMorgan Chase, a job he liked, but not as much as he likes working with startups and growth companies. During Mark's eight years at JPMC, he settled multibillion-dollar patent litigation against trolls, handled multibillion-dollar outsourcing agreements, oversaw the merging of J.P. Morgan's intellectual property portfolio with Chase Bank's, and presided over the firm's growing and ambitious patent portfolio.

During his tenure at JPMC, as finance and technology evolved, Mark helped develop a legislative agenda for IP issues involving the financial services industry. His testimony before Congress has influenced a number of patent laws enacted since 1999. In 2005, Mark realized that his greatest professional satisfaction came from serving as IP strategist for the tech companies created at Lab Morgan, JPMorgan Chase's incubator (several of which had successfully gone public). Early in his career, he co-counseled with his friends at Lowenstein Sandler on an emerging tech company, Dialogic. Lowenstein Sandler ultimately represented the company in an IPO and then an $800 million sale to Intel. When Mark decided to return to a steady diet of tech startups, he spoke with only one law firm...and Lowenstein became his new home.

As chair of the firm's IP Group, Mark is heavily involved in issues relating to software, digital and social media, big data, fintech, open source, virtualization/cloud, blockchain, SaaS, enterprise, and hardware (including medical-related hardware). He continues to manage and assess a wide range of process, software, and business method patents, and he provides strategic advice on issues ranging from litigation assessment to patent scope, open source, trademarks, privacy, and ownership risks.

An electrical engineer by training, Mark started his career at a shoe factory in New Hampshire, his home state, performing a series of jobs that subsequently moved offshore, underscoring the need for America to innovate.

Mark leads several groups focused on startups. He is co-founder and program chair of VentureCrushFG, which provides a formal mentoring program and peer group for high-potential tech entrepreneurs (read about it in the WSJ Accelerators here). He also co-founded GrapeArborVC, an angel investor team composed of friends who pool their personal finances and expertise to back promising tech startups. He is program chair of VentureCrushAV, a New York City group of founders, tech industry angels, venture capitalists, and senior executives with an interest in funding and supporting early-stage ventures.

Mark is strongly committed to equality for the LGBTQ community. He is Chair of the firm’s LGBTQ Alliance, a vibrant, fast-growing group that advocates on behalf of the LGBTQ community both at the firm and externally. He is also Chair of the firm’s Operating Committee.

Outside the office, Mark bikes as much as he can. He enjoys hiking, snowshoeing, jumping in lakes, and cooking with his family. He serves on the board of directors of Camp Belknap, a YMCA-affiliated summer camp in New Hampshire, where he was both a camper and a counselor (and sometimes wishes he still could be), and he serves as a trustee of his alma mater, the School of Engineering at Tufts University. Go Jumbos!

Bar Admissions

    New York
    New Jersey
    United States Patent and Trademark Office

Education

Case Western Reserve University School of Law (J.D. 1989)
Tufts University (B.S.E.E. 1986), Electrical Engineering

Areas of Practice

Blockchain Technology & Digital Assets | Corporate | Intellectual Property & Patents | Intellectual Property Litigation | Outsourcing | Patent Counseling & Prosecution | Patents | Privacy & Cybersecurity | Seed Stage Investing & Startups | Technology & Media Transactions | The Tech Group | Trademark Prosecution And Enforcement | Trademarks, Copyrights & Trade Secrets | Venture Capital & Tech M&A

Professional Career

Significant Accomplishments

Speaking Engagements

VentureCrushSF is an invite-only event created by the Tech Group at Lowenstein Sandler and led by the Tech Group's Chair, Ed Zimmerman, the Palo Alto Managing Partner, Kathi Rawnsley, and colleagues from Lowenstein Sandler's California and New York offices. With the help of some great venture investor co-hosts, VentureCrushSF brings together founders, tech executives and investors for a series of small discussions relevant to the tech community. We then invite even more tech industry insiders to a big party featuring a live performance, incredible wine and food, and some wonderful winemaker guests.

Join Julie Levinson Werner and Mark P. Kesslen at the 2019 TechGC National Summit, where they will co-lead two separate roundtable discussions. Werner will co-lead roundtable "Employment Issues in the Digital Economy" and Kesslen will co-lead roundtable "IP: Benchmarking IP Strategy/Costs vs. Stage of Industry."

"Employment Issues in the Digital Economy" Roundtable Co-Leaders:

"IP: Benchmarking IP Strategy/Costs vs. Stage of Industry" Roundtable Co-Leaders:

Date: October 24-25, 2019

Time: 3-6 p.m. (10/24); 9 a.m.-4:30 p.m. (10/25)

Location: New York Stock Exchange, 11 Wall Street, New York, NY



Professional Associations

  • Board Member, Start Small, Think Big
  • Council Member, Memorial Sloan Kettering's Patient and Family Advisory Council for Quality
  • Member, Advisory Board of the Entrepreneurial Leadership Program at Tufts University, 2007 - present
  • Co-Founder and Program Chair of VentureCrushFG, 2009 - present
  • Member, Grape Arbor VC, 2006 - present
  • President, Community Chest of Englewood, Englewood Cliffs and Tenafly, 2006-2012 and Member 2002-2012
  • VentureCrushAV, member/leadership team since 2006
  • Board Member, Intellectual Property Owner’s Association ("IPO"), 2000-2005
  • Chair, Patents Working Group, Financial Services Roundtable, 1999-2005
  • Board of Trustees, YMCA Camp Belknap Wolfeboro, NH


Professional Activities and Experience

Accolades
  • The World's Leading Patent Practitioners - IAM Patent 1000 - Kesslen
  • Chambers USA: America's Leading Lawyers for Business - Kesslen
  • IP Law Business Magazine - 2008
  • IAM Global Leaders - Mark Kesslen

Articles

What can organizations do to prevent proprietary software from going AWOL and unwanted outside technology from walking through the door uninvited? To counter these risks, reevaluate and update existing employment agreements and trade secret policies, develop a copyright registration process (which is an evolving best practice), and reassess patent filing strategies to address the challenges created by the mobile and ever-changing workforce. This also provides you an opportunity to introduce an open source code policy to ensure that wrongly introduced code does not virally impact the value of your source code.

A robust non-disclosure and invention assignment agreement (NDIAA) ensures that ownership of all developed work product, including associated intellectual property rights, is assigned to the company and protects the company’s confidential and trade secret information and data.

A best practice being adopted at many tech companies is to file for copyright registration for developed code. This grants the owner the ability to immediately seek injunctive relief in federal court. It creates a record of ownership and evidence of validity and protects the literal and nonliteral elements of the code against an exact copy and works that are substantially similar. In making a decision to file for patent protection on technology, the detectability of the software must be assessed. If it is easily or somewhat detectable, pursue a patent. Licensing of open source software is also a concern. The two types of licenses available are permissive and copyleft.

This is the first in a regular series that the Intellectual Property Group at Lowenstein Sandler will produce relating to common IP mistakes early-stage companies make when building a business.

The work and planning necessary to successfully launch a new company and product are prodigious. Yet with all the financial plans, marketing strategies, and product development that are used, entrepreneurs, developers, and investors often skip what is one of the most important steps: protecting the company’s valued assets through the proper application of intellectual property.

In our Tech Group at Lowenstein Sandler, we sit at the intersection of, on the one hand, venture and private equity investments and large and small M&A deals, and, on the other hand, the intellectual property issues facing early-stage and growth companies. It is there that we see the traps for the unwary in new company and product launches. It is often the intellectual property issues that slow down the deals, because the proper steps were not considered and/or implemented early in the project life cycle.

In this series, we present a list of mistakes that we see every day, and some proposed solutions. It is by no means exhaustive, but it is a starting point to raise some issues you may not have considered. We start with trademarks, but intend to address patents, trade secrets, copyrights, data, and open source issues in the future.

Trademarks

Too often, companies are started or new products are launched without proper clearing of the name for use and registration as a trademark with the United States Patent and Trademark Office (USPTO). This step isn’t a requirement, but it is a wise investment in order to avoid the potential need to change names later. Three common missteps, as well as solutions to avoid these missteps, are below.

  • Mistake: Branding a company or a product with a name that is so similar (even unintentionally) to an existing company’s trademark or product name that consumers could be confused. This can lead to a claim of trademark infringement from the existing company or product manufacturer and an invitation to a lawsuit that could result in an injunction against the use of the name.
    • Solution: A trademark search should be conducted prior to branding or product launch to determine whether any registered trademarks that are the same or similar already exist which could prohibit the use or registration of your new trademark. Levels of searching can vary, but at a minimum, a search should be done in the trademark database of the USPTO. More comprehensive searching, for instance in state trademark registers and common law sources for trademarks, will uncover unregistered marks that still may prevent a trademark owner from utilizing the mark in specific geographic areas. When the search returns no same or similar trademarks, an application to register your new trademark can be filed with the USPTO. Searching and filing can cost a few thousand dollars early in the project life cycle, but should save lots of time and money down the road.
  • Mistake: People believe that if they file an application to register their new trademark, they get the corresponding domain name with that trademark, and that similarly, if they register the domain name, they get the trademark. Unfortunately, neither statement is necessarily true.
    • Solution: A trademark search should also include domain names to determine whether the corresponding domain name is available. Skipping this step can lead to the costly error of investing time and effort in a new product name only to realize the corresponding domain name is unavailable or prohibitively expensive, or to spending big dollars to purchase a domain name only to later find the corresponding trademark rights are not clear for use or registration. Fortunately, the options for available domain names have expanded in recent years as more top-level domains (the wording to the right of the dot) beyond .com have launched.
  • Mistake: Branding a company or a product with a name to highlight its qualities or just describe the product may make it easy for consumers to remember. But if that name is generic or just describes the product, the USPTO will not permit registration of that trademark, and trying to get others not to use a same or similar mark can be impossible.
    • Solution: A protectable name should be chosen at the outset. A protectable and registrable (assuming nothing the same or similar already exists) name may be suggestive of the product’s qualities, or even an arbitrary or coined name – think Amazon or the name of any pharmaceutical – can work well. These types of names bring value to the company because they can be protected and registered.

This is the second in a regular series that the Intellectual Property Group at Lowenstein Sandler will produce relating to common IP mistakes early-stage companies make when building a business.

One of the most frequent concerns raised by early-stage companies is the need to protect their proprietary intellectual property. As most venture-backed deals rely on the scalability of some form of intellectual property, this is not surprising. What tends to surprise founders is that the special, proprietary, and valuable development that they have created and plan to base their business on may not be the sort of intellectual property protectable through a patent issuance from the United States Patent and Trademark Office. In fact, many of our successful clients have found that their most valuable intellectual property is best protected via internal practices and contracting. This allows the company to protect items such as software code and business methods through a combination of copyright, trade secret, and contract law.

The best advice for an early-stage company looking to protect its nonpatentable intellectual property is to maintain good corporate hygiene, including the maintenance of employee nondisclosure and invention assignment agreements (NDIAAs), confidentiality agreements for prospective new business relationships, a strong intellectual property protection policy, and to the extent applicable, an open source code usage policy. Three common missteps made by companies that do not incorporate these methods into practice, as well as solutions to avoid these missteps, are below.

  • Mistake: Many companies rely on the premise that any intellectual property developed by employees or contractors on behalf of the company will automatically be owned by the company. This is not true. Although copyrightable intellectual property developed in the scope of an employee’s employment would be owned by the employer, employees may retain certain “shop rights” in patentable intellectual property, leaving the company’s rights encumbered in a manner that could frustrate the goals of investors or acquirers. Additionally, the default rule for independent contractors is that the contractor will own the intellectual property, unless such intellectual property is specifically deemed “work-made-for-hire.”
    • Solution: By maintaining form employee NDIAAs and intellectual property assignment language for inclusion in contractor agreements, companies can avoid the headache of needing to chase down former employees or contractors who have developed material intellectual property used in the business, when inevitably asked to do so in future financing transactions. By clearly laying out the ownership rights of the company at the start of an employment or engagement, companies will avoid any confusion or unexpected claims in the future from a potential disgruntled former colleague.
  • Mistake: Software is subject to copyrights in the object code, source code, and expression of the functioning software that is output on a computer. Therefore, copying a portion of source code, or working around the use of particular source code to achieve the same output, may in each case create a copyright violation. If your company provides services on behalf of customers, you must ensure you retain all intellectual property rights to your developments that are necessary to continue operations of the business.
    • Solution: Companies that are not in the practice of developing intellectual property on behalf of their customers, but are still engaged in providing software-related services, should include intellectual property ownership provisions clarifying that the customer shall not obtain any ownership rights in any developed intellectual property. Companies that are engaged in such development on behalf of customers may be required to assign ownership rights of certain developed intellectual property to their customers. Such ownership rights granted to the customer should be tailored as narrowly as possible, and should apply only to entirely new intellectual property specifically requested by the customer. Additionally, the company should seek to maintain an irrevocable and perpetual license to continue using such assigned intellectual property in its own business of providing services to customers. When negotiating agreements such as these, the company will need to be forward looking in determining whether the intellectual property they plan to assign will be needed for future customers, rather than relying on a belief that they can find a work-around to provide similar intellectual property to others while avoiding infringement claims.
  • Mistake: Open source software is often available free of charge, but there are usually restrictions associated with the licenses for such software that must be followed. Failing to review and adhere to the license terms prior to integration into a proprietary code-base may result in a violation of the underlying source code’s copyright, or worse, could lead to a requirement to release proprietary source code to the public on the same license terms as those of the applicable open source license, including for free.
    • Solution: A company whose value proposition relies on the provision of software to its customers should maintain a robust open source software usage policy. Such a policy should include a process for review of open source licenses and acceptable usage, as well as regular code reviews to maintain code-base and license integrity.

This is the third in a regular series that the Intellectual Property Group at Lowenstein Sandler will produce relating to common IP mistakes early-stage companies make when building a business.

Pursuing a patent requires a commitment of both time and money. As such, we are often asked if it makes sense for an early-stage company to allocate those precious resources on patents.

Let’s take a step back. What is a patent? In its simplest form, a patent is a monopoly right on an invention for a period of time. When properly drafted, a patent can provide a company with the right to exclude others from making, using or selling its invention. So we ask, “What value does excluding competitive entities in your technology space present to your business and, as an early-stage company, to your investors?” The answer to that question may differ depending on where you are in your innovation development efforts, but the potential added value associated with patents merits serious consideration. A patent that can be used not only to protect your innovation but also to control the competitive landscape is an invaluable asset for an early-stage company.

We are certainly not advocating that early-stage companies should be filing for patents on day one. That being said, it is important for early-stage companies to be conscious of common pitfalls along the way. Here are a few mistakes we often see early-stage companies make and how to avoid them:

  • Mistake: Rushing ideas to market or before an audience without adequate patent protection is by far the most fatal move. Often, early-stage companies are eager to commercialize or otherwise publicly disclose their products/services, but they overlook how to protect the underlying innovation enabling those products/services until it is too late. In the absence of patent protection, these types of actions almost certainly result in loss of international patent rights. Additionally, if more than one year passes from the date of these actions, U.S. patent rights are lost as well. Unfortunately, this mistake is made all too often by early-stage companies, particularly during development of their foundational intellectual property, but it is easily
    • Solution: Assess the viability of your invention with a qualified patent practitioner early in the development life cycle, and file a patent application prior to commercialization or public disclosure. Although the U.S. provides a one-year grace period, you can’t rely on it if there is interest in extending protection beyond U.S. jurisdictions. Additionally, since the U.S. is now a “first to file” patent system, the one-year grace period provides less in the way of protection than it used to. The race to file first is paramount – if another files before you do, you may be out of luck! In circumstances where filing is not a feasible option, at a minimum, measures should be taken for a disclosure to be made in confidentiality until you can file.
  • Mistake: Being seduced by the attractive benefits of a provisional patent application but lacking the discipline to provide the detail needed to leverage its benefits is detrimental to your company’s patent health. There are valid reasons why an early-stage company may opt for initially filing a provisional application – for example, to assess commercial viability, to establish a form of patent protection in advance of a public disclosure, to secure an early filing date, or simply because financial resources are limited. However, because a provisional application has fewer formal requirements and provides benefits at a lower cost, it can be a trap for the unwary.
    • Solution: In order to benefit from the earlier filing date of a provisional application, you must file a non-provisional application (i.e., the application that gets examined by the patent office) within one year of filing the provisional application. However, to avoid jeopardizing the benefit of that earlier filing date, the claims pursued in your non-provisional application must be fully supported by the disclosure provided in your provisional application. Accordingly, be prepared to invest the time needed to detail the know-how of your invention when preparing the provisional application. Otherwise, it will provide little to no value and you will have potentially lost a year in the race to file first.
  • Mistake: Seeking patent protection for an invention but failing to take into consideration how to leverage that protection in the context of your business is a serious flaw in patent strategy. Although a patent will certainly be directed at the invention that merited its filing, often little thought is given to how a patent can provide expanded protections. A sound patent strategy is aligned with business goals and should take into consideration development efforts before, during, and after a patent is secured. Otherwise, you could be basing the future of your business on products/services that are no longer fully protected.
    • Solution: Detailing an invention is necessary when preparing a patent application, but a good application will go further – it will include a description of various embodiments that cover practiced, nonpracticed and envisioned implementations of the invention. When preparing an application, include a robust specification with a focus on anticipating a competitive design-around and the natural evolution of your products/services. It can be difficult to anticipate every possible scenario at the time of preparing an application, but giving careful thought to alternate embodiments can expand the scope and effective life of your patent. In addition, product development efforts should be periodically assessed to determine whether your patent portfolio provides adequate protections. If not, consider updating your portfolio with new filings to ensure that the protections necessary for maintaining a competitive advantage are in place.

This is the fourth in a regular series relating to common IP mistakes early-stage companies make when building a business.

The California Consumer Privacy Act (CCPA) is slated to become effective on January 1, 2020. If you are reading this article, you have some inkling of its comprehensive nature and its status as an unprecedented state privacy law. Although unquestionably influenced by the EU’s General Data Protection Regulation (Regulation (EU) 2016/679, or the GDPR), CCPA is a unique framework. Although both CCPA and GDPR aim to establish privacy rights and enhance the protection of individuals’ personal data accessed by entities in the context of commercial interactions, CCPA is distinct from GDPR and, in some ways, goes further than GDPR does. CCPA, which applies to online and offline interactions, has adopted a broader definition of the term “personal information” (which includes business contact data and online identifiers such as IP addresses), a new defined term “sale,” distinct requirements in the areas of consent and privacy notices, an array of consumer rights, and the provision of a private right of action–on an individual or class action basis–for claims relating to data breaches. At the forefront of distinguishing features, however, is CCPA’s requirement that certain companies provide individuals with the ability to opt out of the sale of their personal information.

Companies that are GDPR compliant have taken a huge leap toward compliance with CCPA; however, GDPR compliance does not equal CCPA compliance. Given the different emphases, and the broader reach of CCPA, companies will have to make adjustments beyond existing GDPR compliance protocols. For companies that have not begun a GDPR compliance effort, the lift to become CCPA compliant is that much heavier. Below are some high-level areas to pay attention to as you navigate GDPR and CCPA compliance.

  1. Does CCPA apply to my startup? CCPA protects the personal information of California consumers (including all natural persons and business contacts located in California), and applies to businesses that control the processing of consumer personal information, service providers (indirectly as a processor through their relationship with the business they provide services to), and the catch-all category “third parties,” which includes vendors other than service providers that a business is sharing data with. Any for-profit organization doing business in California that meets one of the following criteria is considered a business: (1) has an annual gross revenue of $25 million or more; (2) buys, sells, receives, or shares for commercial purposes the personal information of 50,000 or more consumers on an annual basis, with “sale” being defined broadly as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration”; or (3) derives 50 percent or more of its revenue from personal information sales. If you are a legal entity and have been engaged to process information on behalf of a business, and the business will disclose a consumer’s personal information to you for a business purpose pursuant to a written contract, you are a “service provider.” Casting the net of applicability wider, CCPA subjects third parties to its authority, capturing any individual, legal entity, group, or organization that is not a business or service provider, or another recipient of personal information that has similar contractual restrictions with businesses as a service provider. 
     With respect to third parties, it is important for businesses to identify what vendors they share information with and determine the type of decision-making control such vendors have over the information once it’s been shared. This determination can trigger additional obligations for a business under CCPA (see question 5, below).

  2. What are the requirements for a company to comply with CCPA? Privacy policies must disclose certain information, and service provider agreements must have specific language that prohibits service providers from “retaining, using, or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the contract for the business.” Companies must also make sure service providers are able to respond to consumer requests for access to and deletion of their personal information. Companies are also obligated to provide two channels for consumers to request details regarding their personal information, such as a toll-free phone number and through their website. While GDPR obliges organizations to keep privacy notices current with respect to data collection, use, sharing, and processing practices, it does not impose time frames for review or updates. In contrast, CCPA imposes a specific requirement that privacy policies be updated annually. Similar to GDPR, but with less-stringent requirements, CCPA requires service providers and businesses to enter into a written agreement with affirmations on the use of the information that is disclosed for business purposes.

  3. How are the consent requirements under CCPA different from those under GDPR? GDPR and CCPA stress the importance of transparency regarding the purposes of collection and require “just in time” notifications to consumers. CCPA offers consumers the right to opt out of the “sale” of their personal information. By contrast, GDPR offers six lawful bases for processing personal information, including consent, and consent may be revoked at any time. GDPR’s opt-in and opt-out processes are generally regarded as more rigorous than the opt-out framework adopted by CCPA.

  4. How does the CCPA grant consumers the right to access and control the use of their personal information by businesses? CCPA has imposed obligations on companies to implement practices that enable the realization of new consumer rights. Under both GDPR and CCPA, individuals have the right to receive a copy of their personal information, which places responsibility on organizations to have processes in place that enable data to be provided to a requesting individual in a readily usable format, and to transfer the data directly to another organization. Given the breadth of “personal information” under CCPA, compliance requires that an inventory be conducted by every entity subject to the statute, and that appropriate technical tools be in place. Data deletion is another example. Subject to some exceptions, both frameworks require organizations to delete personal information from internal systems/records upon consumer request and instruct service providers to do the same. CCPA includes a broader list of exceptions.

  5. Does CCPA require an organization to post a “Do Not Sell My Personal Information” link on its website’s homepage and in its privacy policies? Yes, if sharing of personal information by the business is determined to be a sale for “monetary or other valuable consideration.” As referenced above, the term “sale” includes sharing, transmittal, and a host of other activities, so this inquiry is crucial. The disclosure or transfer of consumer personal information from a business to any third party may be deemed a sale unless the third party is solely using the information to fulfill a specific purpose on behalf of the business, a CCPA-compliant written contract is in place, and the business has provided the consumer with notice of the sharing and use. If a “Do Not Sell” link is required, then the business must post that link on its webpage and in its privacy policy, and the link must provide the capability to stop the sale of the personal information.


Undertaking a “data inventory” or “data mapping” process is essential to have a firm grasp of what personal information is collected (understanding the scope of the term “personal information”), the business purposes and any disclosures (understanding the scope of the term “sale”), and complying with CCPA. Retention practices should also be reviewed to limit the potential for stand-alone information not falling into the definition of personal information to be linked, integrated, or inadvertently morphed into “personal information” subject to protection under CCPA. The California attorney general recently released proposed regulations for CCPA, with a public comment period open until December 6. While the draft regulations provided some clarity on CCPA, they also imposed new and unexpected requirements. For more information on how the regulations may impact your startup, please see our Client Alert, “California Attorney General Releases Draft Regulations Under the California Consumer Privacy Act: New Concepts, New Questions, and Few Clarifications.”

CCPA grants consumers the right to pursue a civil suit and statutory damages ($100-$750 per incident or actual damages, whichever is greater) for a data breach involving their personal information if a business fails to fulfill its obligations with respect to security. This private right of action and the imposition of statutory damages removes the burden from impacted consumers to prove or quantify the damage suffered as a result of a data breach and increases the possibility of more lawsuits to redress violations. Coupled with a consumer’s direct right to bring an action for a data breach are the broad enforcement powers granted to the Attorney General of California, who may bring a civil action in the name of the people for CCPA violations and seek injunctive relief. In these actions, civil penalties are capped at $2,500 for each violation and $7,500 for each intentional violation of CCPA.

Hence, it is important to understand how your business interacts with the personal information of California consumers, that a business does not have to be located in California to be subject to the state’s provisions, and that California hosts the largest population in the United States. It is quite possible California consumers are interacting with you.

