The California Privacy Protection Agency, the state’s main data privacy regulator, just announced its largest fine yet – a record-setting $1.35 million – against an employer that it found to have violated job applicant and consumer privacy rights. Today’s announcement marks the first-ever enforcement action involving job applicants, kicking off a new chapter when it comes to the way employers need to think about the California Consumer Privacy Act (CCPA). If you collect information from California job applicants, employees, or consumers, you will want to review our summary of this groundbreaking news and follow our six-step action plan.

What Happened?

The California Privacy Protection Agency (CPPA) launched its investigation against Tractor Supply, the nation’s largest rural lifestyle retailer, after it received a solitary complaint from a consumer in Placerville, CA. It is not publicly known whether this consumer was a job applicant, employee, website user, retail customer, or other consumer. But the reality is that a CPPA investigation can be triggered by any complaint, including from disgruntled former employees or from a current employee seeking to shield themselves from retaliation, or from a job applicant who was turned away or not considered for the job.

According to the September 30 agreement, the agency found that the employer failed to:

  • Provide a compliant privacy notice to job applicants
  • Inform job applicants of their rights and how to exercise them
  • Maintain a legally sufficient privacy policy
  • Honor opt-out requests submitted through its website
  • Recognize browser-based opt-out preference signals (like Global Privacy Control) that consumers can use to automatically indicate that they don’t want their data sold or shared for targeted advertising purposes
  • Enter into appropriate contracts that limit how third-party vendorscould use shared personal data and ensure they recognize opt-out signals
  • Use proper contracts with advertising and analytics providers

5 Reasons Why This Development is Big News for Employers

Read The Full Article at Fisher Phillips

Data Breaches Enforcement
October 2, 2025
0 3

California Breaks New Ground With Record $1.35M Fine for Job Applicant Mistakes: 6-Step Action Plan for Employers

Enforcement USA
October 2, 2025
0 6

Google, Flo Health, Flurry to Pay $59.5M in Privacy Lawsuit

Enforcement USA
September 30, 2025
0 15

Nation’s Largest Rural Lifestyle Retailer to Pay $1.35M Over CCPA Violations

Data Breaches Enforcement
October 2, 2025
0 3

California Breaks New Ground With Record $1.35M Fine for Job Applicant Mistakes: 6-Step Action Plan for Employers

Canada Cybersecurity Data Breaches
July 30, 2025
0 137

Bill C-8 revives Canadian cyber security reform: What critical infrastructure sectors need to know

Canada Data Breaches
January 11, 2023
0 2,189

Mandatory Privacy-Breach Reporting Coming to B.C. Public Sector

Check Also

Google, Flo Health, Flurry to Pay $59.5M in Privacy Lawsuit

Three companies – Flo Health, Google and Flurry – have each agreed to shell ou…