On August 24, 2022, California Attorney General Rob Bonta announced the first public enforcement action under the California Consumer Privacy Act (CCPA), which took effect in January 2020. The action highlights several lessons for online retailers and other companies with an online presence, and suggests some best practices on which to take action in the aftermath of the announcement.
The Violations and Settlement. The state accused a national beauty retailer of three violations under CCPA:
If approved by the court, the settlement requires the retailer to pay a $1.2 million fine and correct the violations. In addition, within 180 days of the effective date of the judgment and for the following two years, the company must provide annual reports to the attorney general about its sale of personal information and how it is processing opt-out requests, among other required information.
Key Points. Some legal analysts commented the Attorney General is using the company as an example, noting ambiguities in some definitions under the law. Nevertheless, the action surfaced three key points that should prompt companies to review their practices:
Best Practices. As a result of this enforcement action – which was one of more than 100 notices alleging CCPA violations that were part of the Attorney General’s investigative sweep – organizations doing business in California should consider evaluating their digital infrastructure and reviewing their privacy policies to ensure compliance not only with CCPA, but also with the California Privacy Rights Act (CPRA). This new regulation goes into effect January 1, 2023, and expands on existing consumer privacy rights. Actions taken today will mitigate potential financial and reputational risks in the future.
Even as privacy regulations and interpretations continue to change, businesses can enact certain common-sense safeguards to mitigate risks related to data privacy. First principles begin with the responsible treatment of data, including transparency, data minimization, accuracy and security.
To learn more about how the Relyance platform can contribute to a responsible data privacy and protection program, please click here to book a demo.
On August 24, 2022, California Attorney General Rob Bonta announced the first public enforcement action under the California Consumer Privacy Act (CCPA), which took effect in January 2020. The action highlights several lessons for online retailers and other companies with an online presence, and suggests some best practices on which to take action in the aftermath of the announcement.
The Violations and Settlement. The state accused a national beauty retailer of three violations under CCPA:
If approved by the court, the settlement requires the retailer to pay a $1.2 million fine and correct the violations. In addition, within 180 days of the effective date of the judgment and for the following two years, the company must provide annual reports to the attorney general about its sale of personal information and how it is processing opt-out requests, among other required information.
Key Points. Some legal analysts commented the Attorney General is using the company as an example, noting ambiguities in some definitions under the law. Nevertheless, the action surfaced three key points that should prompt companies to review their practices:
Best Practices. As a result of this enforcement action – which was one of more than 100 notices alleging CCPA violations that were part of the Attorney General’s investigative sweep – organizations doing business in California should consider evaluating their digital infrastructure and reviewing their privacy policies to ensure compliance not only with CCPA, but also with the California Privacy Rights Act (CPRA). This new regulation goes into effect January 1, 2023, and expands on existing consumer privacy rights. Actions taken today will mitigate potential financial and reputational risks in the future.
Even as privacy regulations and interpretations continue to change, businesses can enact certain common-sense safeguards to mitigate risks related to data privacy. First principles begin with the responsible treatment of data, including transparency, data minimization, accuracy and security.
To learn more about how the Relyance platform can contribute to a responsible data privacy and protection program, please click here to book a demo.
On August 24, 2022, California Attorney General Rob Bonta announced the first public enforcement action under the California Consumer Privacy Act (CCPA), which took effect in January 2020. The action highlights several lessons for online retailers and other companies with an online presence, and suggests some best practices on which to take action in the aftermath of the announcement.
The Violations and Settlement. The state accused a national beauty retailer of three violations under CCPA:
If approved by the court, the settlement requires the retailer to pay a $1.2 million fine and correct the violations. In addition, within 180 days of the effective date of the judgment and for the following two years, the company must provide annual reports to the attorney general about its sale of personal information and how it is processing opt-out requests, among other required information.
Key Points. Some legal analysts commented the Attorney General is using the company as an example, noting ambiguities in some definitions under the law. Nevertheless, the action surfaced three key points that should prompt companies to review their practices:
Best Practices. As a result of this enforcement action – which was one of more than 100 notices alleging CCPA violations that were part of the Attorney General’s investigative sweep – organizations doing business in California should consider evaluating their digital infrastructure and reviewing their privacy policies to ensure compliance not only with CCPA, but also with the California Privacy Rights Act (CPRA). This new regulation goes into effect January 1, 2023, and expands on existing consumer privacy rights. Actions taken today will mitigate potential financial and reputational risks in the future.
Even as privacy regulations and interpretations continue to change, businesses can enact certain common-sense safeguards to mitigate risks related to data privacy. First principles begin with the responsible treatment of data, including transparency, data minimization, accuracy and security.
To learn more about how the Relyance platform can contribute to a responsible data privacy and protection program, please click here to book a demo.
On August 24, 2022, California Attorney General Rob Bonta announced the first public enforcement action under the California Consumer Privacy Act (CCPA), which took effect in January 2020. The action highlights several lessons for online retailers and other companies with an online presence, and suggests some best practices on which to take action in the aftermath of the announcement.
The Violations and Settlement. The state accused a national beauty retailer of three violations under CCPA:
If approved by the court, the settlement requires the retailer to pay a $1.2 million fine and correct the violations. In addition, within 180 days of the effective date of the judgment and for the following two years, the company must provide annual reports to the attorney general about its sale of personal information and how it is processing opt-out requests, among other required information.
Key Points. Some legal analysts commented the Attorney General is using the company as an example, noting ambiguities in some definitions under the law. Nevertheless, the action surfaced three key points that should prompt companies to review their practices:
Best Practices. As a result of this enforcement action – which was one of more than 100 notices alleging CCPA violations that were part of the Attorney General’s investigative sweep – organizations doing business in California should consider evaluating their digital infrastructure and reviewing their privacy policies to ensure compliance not only with CCPA, but also with the California Privacy Rights Act (CPRA). This new regulation goes into effect January 1, 2023, and expands on existing consumer privacy rights. Actions taken today will mitigate potential financial and reputational risks in the future.
Even as privacy regulations and interpretations continue to change, businesses can enact certain common-sense safeguards to mitigate risks related to data privacy. First principles begin with the responsible treatment of data, including transparency, data minimization, accuracy and security.
To learn more about how the Relyance platform can contribute to a responsible data privacy and protection program, please click here to book a demo.