A California Senate Bill states each victim can sue up to $1,000 for being impacted. This has just passed the California senate. If this becomes law, companies who suffer data breaches will be on the line for hundreds of billions of dollars. If the Equifax data breach had occurred and this was law they would’ve paid up to 400 billion dollars if this was a federal data breach law, in every state and country victims were affected by the equifax data breach.
The wording is as such, that the person has to be affected, not be a registered user of your service. This is a very important detail, for cases like Cambridge Analytica where some debate if that was a breach of data, despite the company getting the data via an app that allegedly the description wasn’t accurate as to how the data would be used and allegedly using it to influence US voters.
It is far cheaper to hire a company who specializes in security with an elite team of freelance security professionals who will audit your systems and then explainhow to avoid the problems detected along with written patches for each issue, if you’re on that tier, then have to pay billions of dollars, as data breaches hit everyone, because few truly care about security