Fee petition mechanics · Updated June 2026

Cybersecurity attorney fee petition mechanics: CCPA § 1798.150 breach notification advisory on the California AG Data Breach Report Registry non-PACER calendar, CCPA class certification and Cal. Penal Code § 502(e) CDAFA concurrent claim advisory on the FRCP 16(b) scheduling order, and CCPA § 1798.150(a) mandatory statutory damages and attorney fee petition advisory

Cybersecurity solos billing hourly on CCPA Cal. Civ. Code § 1798.150 data breach private actions, Cal. Penal Code § 502(e) Computer Data Access and Fraud Act concurrent claims, and California AG enforcement proceedings — whose fee documentation must cover advisory calls triggered by the California AG Data Breach Report Registry non-PACER notification calendar (mandatory § 1798.29(a) notification entirely outside PACER and CM/ECF), the FRCP 16(b) scheduling order CCPA class certification calendar, and the post-judgment § 1798.150(a) mandatory statutory damages fee petition calendar — generate three billing gaps: California AG breach notification portal scope analysis and § 1798.150(a) statutory damage exposure advisory calls arriving when the CA AG Data Breach Report Registry records the mandatory notification before any civil complaint is filed (8 clients × 2 calls × 40 min × 55% untracked ≈ 5.87 hrs = $1,760–$2,933/year at $300–$500/hr), CCPA § 1798.150 class certification and § 502(e) CDAFA concurrent claim advisory calls arriving when the FRCP 16(b) scheduling order sets the class certification briefing and expert disclosure deadlines (6 clients × 3 calls × 44 min × 55% untracked ≈ 7.26 hrs = $2,178–$3,630/year), and CCPA § 1798.150(a) mandatory statutory damages calculation and § 502(e)(2) concurrent attorney fee petition advisory calls arriving when the class action reaches final approval or judgment (5 clients × 2 calls × 44 min × 55% untracked ≈ 4.03 hrs = $1,210–$2,017/year). For a solo cybersecurity practice handling CCPA data breach class actions, § 502(e) CDAFA concurrent claims, and California AG enforcement coordination, the annual billing gap from advisory call underlogging is $5,148–$8,580.

TL;DR

ClaimHour captures every California AG breach notification portal advisory call that arrives when the CA AG Data Breach Report Registry records the § 1798.29(a) mandatory notification outside PACER before any civil complaint exists, every CCPA § 1798.150 class certification and § 502(e) CDAFA concurrent claim advisory call that arrives when the FRCP 16(b) scheduling order sets class certification and expert disclosure deadlines, and every § 1798.150(a) mandatory statutory damages fee petition and § 502(e)(2) concurrent attorney fee advisory call that arrives at final approval or judgment — passively, no timer, no audio, no call contents. $29–$59/mo. No PMS required.

California AG breach notification portal and CCPA § 1798.150 statutory damage exposure advisory: calls on the California AG Data Breach Report Registry non-PACER calendar

The California Attorney General's Data Breach Report Registry — the California AG's online database for mandatory data breach notifications under Cal. Civ. Code § 1798.29(a) and § 1798.82(a) — is the primary Welch temporal anchor for cybersecurity billing documentation. Section 1798.29(a) requires any person or business that owns or licenses computerized data including personal information to notify affected California residents of a qualifying breach of the security of the system "in the most expedient time possible and without unreasonable delay." When a breach affects more than 500 California residents, § 1798.29(f) additionally requires notification to the California AG — creating a regulatory reporting entry in the AG's Data Breach Report Registry that precedes any civil complaint by days to months. The AG's registry entry date is the most distinctive non-PACER billing anchor in cybersecurity practice: it is maintained in a California state regulatory database entirely outside PACER, CM/ECF, and any federal court docketing system, and it correlates precisely with the first advisory calls that arrive when the client's incident response team confirms the breach scope and § 1798.150(a) exposure begins to crystallize.

Two California AG Data Breach Report Registry advisory call types that generate billing gaps: (1) California AG § 1798.29 mandatory breach notification scope analysis and CCPA § 1798.150(a) statutory damage exposure advisory — arrives when the client's incident response confirms a qualifying breach of California residents' personal information under § 1798.81.5 (requiring classification of compromised personal information under § 1798.81.5(d)(1)(A)–(E): Social Security number, driver's license or ID number, financial account number with security code, medical information, and username/password combinations; § 1798.150(a) per-consumer per-incident statutory damage exposure calculation at $100–$750 per California resident; California AG registry notification timing and content requirements under § 1798.29(e) mandatory notice content; concurrent FTC Safeguards Rule 16 C.F.R. Part 314 notification obligations for financial institutions; and HIPAA Breach Notification Rule 45 C.F.R. § 164.408 60-day HHS OCR notification analysis when protected health information is involved — 38–45 min); (2) HIPAA/CCPA breach notification scope coordination and HHS OCR Breach Portal advisory — arrives when the breach involves protected health information requiring parallel notification to HHS OCR within 60 days under 45 C.F.R. § 164.408(b) (requiring HHS OCR Breach Reporting Tool submission — a secondary non-PACER federal Welch anchor in the HHS Office for Civil Rights database; Cal. Health & Safety Code § 1280.15 parallel California healthcare data breach notification to CDPH; OCR investigation response strategy; and Cal. Civ. Code § 56.36(b) Confidentiality of Medical Information Act parallel civil action advisory — 38–45 min). At 55% untracked: 8 clients × 2 calls × 40 min × 55% = 352 min / 60 = 5.87 hours = $1,760–$2,933/year at $300–$500/hr.

CCPA § 1798.150 class action certification and Cal. Penal Code § 502(e) CDAFA concurrent claim advisory: calls on the FRCP 16(b) scheduling order calendar

The FRCP 16(b) scheduling order posted to PACER governs CCPA § 1798.150 class action litigation by setting class certification briefing, expert disclosure, and discovery deadlines — each generating advisory calls outside counsel's control whenever the scheduling order reaches a new milestone. CCPA § 1798.150(a)'s "per consumer per incident" statutory damage structure makes every class certification milestone consequential: the uniform $100–$750 per-person exposure formula simplifies Rule 23(b)(3) predominance analysis (common breach causation predominates) while exposing defendants to aggregate exposure that can reach tens or hundreds of millions of dollars on a large breach — requiring ongoing advisory calls at each scheduling order milestone throughout the class certification cycle. Concurrent California Penal Code § 502(e) — the Computer Data Access and Fraud Act — provides an independent state civil cause of action under § 502(c) for unauthorized access, computer interference, and theft of computer services, with compensatory damages and attorney fees under § 502(e)(2), creating a parallel advisory call track at every class certification milestone independent of § 1798.150.

Three CCPA § 1798.150 class certification and § 502(e) advisory call types that arrive on the FRCP 16(b) scheduling order: (1) CCPA § 1798.150(a) class certification briefing and Rule 23 predominance advisory — arrives when the scheduling order sets the class certification motion deadline (requiring § 1798.150(a) elements: unauthorized access to nonencrypted/nonredacted personal information due to failure to maintain reasonable security; Rule 23(a) numerosity, commonality, typicality, adequacy; Rule 23(b)(3) predominance — CCPA's uniform statutory damages formula means all class members have identically structured claims; TransUnion LLC v. Ramirez, 594 U.S. 413 (2021) concrete injury requirement for each class member in federal court — standing requires more than risk of future harm; Van Patten v. Vertical Fitness Group, 847 F.3d 1037 (9th Cir. 2017) statutory violation standing analysis; and § 1798.150(b) 30-day pre-suit cure notice analysis — did the defendant receive notice and fail to cure — 44–52 min); (2) Cal. Penal Code § 502(e) CDAFA concurrent claim and expert testimony advisory — arrives when the scheduling order sets the expert disclosure deadline and the § 502 claim requires computer forensics expert support (requiring § 502(c)(1)–(7) prohibited access: intentional unauthorized computer access (§ 502(c)(1)), exceeding authorization (§ 502(c)(2)), disruption of computer services (§ 502(c)(3)), computer data interference (§ 502(c)(4)); § 502(e)(2) attorney fees to prevailing party — independent California fee provision; hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (9th Cir. 2022) CFAA and § 502 unauthorized access analysis; and computer forensics expert scope and 502 damages analysis advisory — 44–52 min); (3) California AG parallel enforcement coordination and § 1798.199.90 civil penalty advisory — arrives when the scheduling order approaches class certification and AG enforcement investigation developments require civil litigation coordination (requiring California AG CCPA enforcement Civil Penalty: $2,500 per violation, $7,500 per intentional violation under § 1798.199.90; parallel AG enforcement settlement negotiation impact on class action value; § 1798.150(b) notice-and-cure provision in class action context; and FTC enforcement action coordination for federal-nexus breaches — 44–52 min). At 55% untracked: 6 clients × 3 calls × 44 min × 55% = 435.6 min / 60 = 7.26 hours = $2,178–$3,630/year at $300–$500/hr.

CCPA § 1798.150(a) mandatory statutory damages and attorney fee petition advisory: calls on the post-judgment calendar

Cal. Civ. Code § 1798.150(a) provides that any consumer whose nonencrypted and nonredacted personal information is subject to unauthorized access due to the business's failure to implement and maintain reasonable security procedures "may institute a civil action" and "is entitled to any one of the following: (A) to recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater; (B) injunctive or declaratory relief; (C) any other relief the court deems proper." California courts have construed § 1798.150's "any other relief the court deems proper" to include attorney fees as an element of the consumer's statutory recovery, making § 1798.150 an effectively mandatory fee provision for prevailing plaintiffs in CCPA data breach class actions. Concurrent Cal. Penal Code § 502(e)(2) explicitly provides for "reasonable attorney's fees to a prevailing party" in CDAFA civil actions, creating an independent California mandatory fee obligation when the same unauthorized computer access violates both § 1798.150 and § 502.

Two § 1798.150(a) and § 502(e)(2) advisory call types that arrive on the post-judgment calendar: (1) CCPA § 1798.150(a) statutory damages calculation and Hensley lodestar fee petition advisory — arrives when the CCPA class action reaches final approval or a § 1798.150 judgment is entered (requiring § 1798.150(a) per-consumer per-incident statutory damage calculation for the certified class at $100–$750 per person; Hensley v. Eckerhart, 461 U.S. 424 (1983) lodestar calculation from California AG Data Breach Report Registry notification date through final approval — all breach notification analysis, class certification briefing, and expert coordination hours from the first advisory call on the AG registry calendar are recoverable; PLCM Group, Inc. v. Drexler, 22 Cal.4th 1084 (2000) California prevailing market rate for cybersecurity litigation; and Missouri v. Jenkins, 491 U.S. 274 (1989) fees-on-fees recoverable for § 1798.150 fee petition preparation hours — 44–52 min); (2) Cal. Penal Code § 502(e)(2) CDAFA concurrent attorney fee petition and Ketchum multiplier advisory — arrives when the § 502(e) CDAFA claim is adjudicated alongside § 1798.150 and the California attorney fee petition must be prepared for both statutes (requiring § 502(e)(2) "reasonable attorney's fees to a prevailing party" — independent California fee provision with no exceptionality analysis; Ketchum v. Moses, 24 Cal.4th 1122 (2001) positive multiplier available for California § 502(e)(2) component when exceptional skill, novelty of questions, or results obtained justify enhancement; PLCM Group California prevailing market rate for computer fraud and data breach litigation; City of Burlington v. Dague, 505 U.S. 557 (1992) no contingency multiplier for any federal fee component if federal claims are included; and Commissioner, INS v. Jean, 496 U.S. 154 (1990) fees-on-fees recoverable for California § 502 fee petition preparation — 44–52 min). 
At 55% untracked: 5 clients × 2 calls × 44 min × 55% = 242 min / 60 = 4.03 hours = $1,210–$2,017/year at $300–$500/hr.

How ClaimHour fits cybersecurity practice

If you handle CCPA § 1798.150 data breach class actions, Cal. Penal Code § 502(e) CDAFA concurrent claims, and California AG enforcement coordination — with breach notification advisory calls arriving when the California AG Data Breach Report Registry records the mandatory § 1798.29(a) notification outside PACER before any civil complaint exists, class certification and § 502(e) advisory calls arriving when the FRCP 16(b) scheduling order sets class certification and expert disclosure deadlines, and § 1798.150(a) mandatory statutory damages and § 502(e)(2) concurrent fee petition advisory calls arriving when the class action reaches final approval — and if your fee documentation must satisfy Hensley lodestar specificity from the California AG registry notification date, the FRCP 16(b) class certification briefing date, and the § 1798.150(a)/§ 502(e)(2) fee award order date across three billing calendars (one non-PACER California state regulatory, one PACER scheduling order, one post-judgment), ClaimHour was built for that gap.


Related questions

How do California AG breach notification portal advisory calls generate billing gaps on the CA AG Data Breach Report Registry calendar?

The California AG Data Breach Report Registry (non-PACER California state regulatory database) is the primary Welch temporal anchor for cybersecurity billing. The § 1798.29(a) mandatory notification date precedes any civil complaint by days to months — the AG registry entry is the earliest verifiable billing anchor for pre-suit breach analysis advisory hours. Two call types: California AG § 1798.29 mandatory notification scope analysis and § 1798.150(a) statutory damage exposure advisory (38–45 min, arriving when incident response confirms breach scope — requires § 1798.81.5(d)(1)(A)–(E) personal information classification, $100–$750 per-consumer exposure calculation, concurrent FTC Safeguards Rule analysis, HIPAA parallel notification analysis) and HHS OCR Breach Portal advisory for HIPAA-covered breaches (38–45 min, arriving for healthcare-adjacent breaches — HHS OCR Breach Reporting Tool is secondary non-PACER federal anchor; Cal. Health & Safety Code § 1280.15 CDPH parallel notification). At 55% untracked: 8 clients × 2 calls × 40 min × 55% ≈ 5.87 hours = $1,760–$2,933/year at $300–$500/hr.

How do CCPA § 1798.150 class certification and § 502(e) CDAFA concurrent claim advisory calls generate billing gaps on the FRCP 16(b) scheduling order calendar?

The FRCP 16(b) scheduling order (PACER) sets class certification briefing, expert disclosure, and discovery deadlines. CCPA § 1798.150's per-consumer per-incident statutory damage formula ($100–$750) makes every class certification milestone consequential — Rule 23(b)(3) predominance is simplified but aggregate exposure can reach hundreds of millions of dollars, requiring ongoing advisory calls throughout the briefing cycle. Three call types: CCPA § 1798.150(a) class certification briefing and Rule 23 predominance advisory (44–52 min, arriving at class certification motion deadline — requires TransUnion standing, Van Patten statutory violation standing, § 1798.150(b) cure-notice analysis), Cal. Penal Code § 502(e) CDAFA concurrent claim and forensics expert advisory (44–52 min, arriving at expert disclosure deadline — requires § 502(c)(1)–(7) access analysis, § 502(e)(2) independent fee provision, hiQ Labs CFAA/§ 502 analysis), and California AG parallel enforcement coordination advisory (44–52 min, arriving near class certification — requires § 1798.199.90 civil penalty coordination, parallel AG settlement impact analysis). At 55% untracked: 6 clients × 3 calls × 44 min × 55% ≈ 7.26 hours = $2,178–$3,630/year.

How does the California AG Data Breach Report Registry date / FRCP 16(b) scheduling order date / § 1798.150(a) fee award date Welch three-anchor framework apply to cybersecurity billing documentation?

Three Welch temporal anchors: (1) California AG Data Breach Report Registry mandatory notification date (California AG online data breach reporting portal — non-PACER state regulatory database outside all court systems) — primary anchor; the AG registry date is the earliest verifiable billing anchor for cybersecurity practice because § 1798.29(a) notification must precede any civil complaint; (2) FRCP 16(b) scheduling order class certification briefing deadline (PACER) — secondary anchor; each CCPA § 1798.150 class certification milestone generates advisory calls tied to a specific PACER date; TransUnion standing, Rule 23(b)(3) predominance, and § 502(e) concurrent claim analysis calls arrive on the scheduling order calendar; (3) CCPA § 1798.150(a) mandatory statutory damages and attorney fee award order date (PACER or California state court) — closing anchor; § 1798.150(a) "any other relief the court deems proper" encompasses attorney fees; § 502(e)(2) independently awards "reasonable attorney's fees to a prevailing party"; Hensley lodestar from California AG registry notification date through final approval.

How does the CCPA § 1798.150(a) mandatory statutory damages and attorney fee petition advisory generate billing gaps on the post-judgment calendar?

§ 1798.150(a) statutory damages ($100–$750 per consumer per incident or actual damages) plus "any other relief the court deems proper" (attorney fees) are the mandatory recovery for prevailing CCPA plaintiffs in data breach class actions. § 502(e)(2) independently awards "reasonable attorney's fees to a prevailing party" in CDAFA concurrent claims. Two call types: CCPA § 1798.150(a) statutory damages calculation and Hensley lodestar fee petition advisory (44–52 min, arriving at final approval — requires per-consumer damages calculation for certified class, Hensley lodestar from AG registry notification date through approval, PLCM Group California market rate, Jenkins fees-on-fees) and Cal. Penal Code § 502(e)(2) CDAFA concurrent fee petition and Ketchum multiplier advisory (44–52 min, arriving at bifurcated California fee petition — requires § 502(e)(2) independent fee provision, Ketchum multiplier for California § 502 component, PLCM Group rate, Dague no-multiplier for any federal component, Jean fees-on-fees). At 55% untracked: 5 clients × 2 calls × 44 min × 55% ≈ 4.03 hours = $1,210–$2,017/year. Total annual gap: $5,148–$8,580.