On July 28, 2021, the US District Court for the Northern District of California granted Walmart, Inc.’s motion to dismiss a purported class action complaint brought under the California Consumer Privacy Act. The complaint alleged that Walmart’s failure to perform its duty to implement and maintain reasonable security procedures and practices resulted in a breach, which in turn led to the plaintiff’s personal information being offered for sale on the dark web. The plaintiff alleged that he had encountered his personal identifying information for sale online in 2019; but the court determined that the challenged provision of the CCPA, Cal. Civ. Code § 1798.150(a)(1), which came into effect on January 1, 2020, does not apply retroactively.
The court also rejected the plaintiff’s claim for relief under the California unfair competition, negligence and contract laws cited in the complaint, on the grounds that no cognizable damages had been pled, and dismissed the complaint with prejudice.