The Real Cost of a Privacy Lawsuit for Small Businesses
When a small business receives a compliance demand letter, the first reaction is usually shock. Most business owners had no idea their website could create legal liability. The second reaction is usually the dollar amount — demands typically range from $5,000 to $25,000.
Here's what drives those numbers and what the actual financial exposure looks like.
Statutory Damages by Law
The three main website compliance laws each carry different damage calculations.
CIPA provides up to $5,000 per violation. In practice, each tracking pixel that fires before consent can be considered a violation, multiplied by the number of plaintiffs. A website with three tracking pixels and three plaintiffs could face theoretical damages of $45,000 — though settlements are typically far lower.
The VPPA provides $2,500 in liquidated damages per unauthorized disclosure of viewing data. If your website has embedded video content and tracking pixels are active on those pages, each instance of transmitted viewing data is a potential violation.
Under California's Unruh Civil Rights Act (which applies ADA standards), statutory damages are $4,000 per violation per visit. Damages from a single accessibility issue encountered across multiple visits could multiply quickly.
What Settlements Actually Look Like
In practice, most website compliance cases settle for significantly less than the theoretical statutory maximum. Single-law violations with straightforward facts typically settle between $2,500 and $7,500. Multi-law violations (for example, both CIPA tracking issues and ADA accessibility problems) settle between $7,500 and $15,000. High-severity cases involving healthcare websites, egregious dark patterns, or persistent violations after notice can reach $15,000 to $25,000 or more.
The Hidden Costs
The settlement amount isn't the only cost. Businesses also face attorney fees for legal review and negotiation, the cost of actually fixing the compliance issues (which you'll need to do regardless), time spent dealing with the situation instead of running your business, and potential reputational concerns.
Prevention vs. Remediation
The math is straightforward. Fixing tracking issues proactively costs a fraction of what a settlement demands. Implementing a proper cookie consent banner and cleaning up tracking pixels is a one-time project. Adding ongoing monitoring ensures new issues are caught immediately rather than after they've been exploited.
The businesses that face the largest settlements are typically those that were notified of issues and failed to act — demonstrating ongoing disregard rather than a good-faith compliance effort.
Checking Your Exposure
If you want to understand your current exposure, request a free compliance assessment from our team. We'll give you a clear picture of where your website stands on privacy, accessibility, and video privacy compliance.