statutory damages ranging from $100 to $750 per violation, which is expected to increase data breach class action litigation and result in significant exposure to costly legal judgments and settlements. As we expand our operations and trials (both preclinical and clinical), the CCPA may increase compliance costs and potential liability. Some observers have noted that the CCPA could mark the beginning of a trend toward more stringent privacy legislation in the United States. In November 2020, California passed the California Privacy Rights Act, or the CPRA, which amends and expands the CCPA. The CPRA creates obligations relating to consumer data beginning on January 1, 2022, with implementing regulations expected on or before July 1, 2022, and enforcement beginning July 1, 2023. The CPRA has created additional uncertainty and may increase our cost of compliance. Other states are beginning to pass similar laws.
Compliance with U.S. and international data protection laws and regulations could require us to take on more onerous obligations in its contracts, restrict our ability to collect, use and disclose data, or in some cases, impact our ability to operate in certain jurisdictions. Laws and regulations worldwide relating to privacy, data protection and cybersecurity are, and are likely to remain, uncertain for the foreseeable future. While we strive to comply with applicable laws and regulations relating to privacy, data protection and cybersecurity, external and internal privacy and security policies and contractual obligations relating to privacy, data protection and cybersecurity to the extent possible, we may at times fail to do so, or may be perceived to have failed to do so. Moreover, despite our efforts, we may not be successful in achieving compliance if our personnel, collaborators, partners or vendors do not comply with applicable laws and regulations relating to privacy, data protection and cybersecurity, external and internal privacy and security policies and contractual obligations relating to privacy, data protection and cybersecurity. Actual or perceived failure to comply with any laws and regulations relating to privacy, data protection or cybersecurity in the U.S. or foreign jurisdictions could result in government enforcement actions (which could include civil or criminal penalties), private litigation or adverse publicity and could negatively affect Our operating results and business. Moreover, clinical trial subjects about whom we or our potential collaborators or service providers obtain information, as well as the providers who share this information with us, may contractually limit our ability to use and disclose the information. Claims that we have violated individuals’ privacy rights, failed to comply with applicable laws or regulations, or breached its contractual obligations, even if We are not found liable, could be expensive and time consuming to defend, result in regulatory actions and proceedings, in addition to private claims and litigation, and could result in adverse publicity that could harm our business.
We also are, or may be asserted to be, subject to the terms of our external and internal privacy and security policies, representations, certifications, publications and frameworks and contractual obligations to third parties related to privacy, data protection, information security and processing. Failure to comply with any of these, or if any of these policies or any of our representations, certifications, publications or frameworks are, in whole or part, found or perceived to be inaccurate, incomplete, deceptive, unfair, or misrepresentative of its actual practices, could result in reputational harm; result in litigation; cause a material adverse impact to business operations or financial results; and otherwise result in other material harm to our business.
We depend on sophisticated information technology systems and data processing to operate our business. If we experience security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of its proprietary or confidential data, employee data or personal data, we may face costs, significant liabilities, harm to its brand and business disruption.
We rely on information technology systems and data processing that we or our service providers, collaborators, consultants, contractors or partners operate to collect, process, transmit and store electronic information in our day-to-day operations, including a variety of personal data, such as name, mailing address, email addresses, phone number and clinical trial information. Additionally, we, and our service providers, collaborators, consultants, contractors or partners, do or will collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect and share personal information, health information and other information to host or otherwise process some data and that of users, develop our products, to operate our business, for clinical trial purposes, for legal and marketing purposes, and for other business-related purposes.
34