In 2003, California became the first U.S. state to require and implement a series of data breach notification laws designed to protect against the misuse of residents’ personal information. The more recently enacted California Consumer Protection Act (CCPA) provides two main benefits: it allows consumers, as individuals or a class, to sue businesses when their personal information is disclosed without their authorization, and it provides a statute that prevents anyone who does business in the state from sweeping a data breach under the rug.