A federal court recently issued a decision approving a class action settlement resolving litigation stemming from five Yahoo! data breaches that occurred from 2012 to 2016 and affected at least 194 million Yahoo! customers. The company agreed to establish a $117.5 million settlement fund and institute numerous business practice changes designed to prevent future data breaches. Of particular interest in the approval order, however, was the Court’s comparison of the instant settlement to a prior in-district data breach settlement. A review of the approval order provides insight into the factors judges analyze to ensure settlements are reasonable, proper, and in the best interests of the class.

The California Consumer Privacy Act of 2018 (“CCPA”) is a California privacy law that gives consumers, defined as natural persons residing in California, affirmative rights with respect to their data privacy.  Namely, the CCPA endows consumers with certain rights to access information about and control what a business does with their personal information.  (For an in-depth review of the CCPA and further explanation of these rights, please view our previous Privacy Blog post.)