
The California Privacy Protection Agency, the state’s main data privacy regulator, just announced its largest fine yet – a record-setting $1.35 million – against an employer that it found to have violated job applicant and consumer privacy rights. Today’s announcement marks the first-ever enforcement action involving job applicants, kicking off a new chapter when it comes to the way employers need to think about the California Consumer Privacy Act (CCPA). If you collect information from California job applicants, employees, or consumers, you will want to review our summary of this groundbreaking news and follow our six-step action plan.
What Happened?
The California Privacy Protection Agency (CPPA) launched its investigation against Tractor Supply, the nation’s largest rural lifestyle retailer, after it received a solitary complaint from a consumer in Placerville, CA. It is not publicly known whether this consumer was a job applicant, employee, website user, retail customer, or other consumer. But the reality is that a CPPA investigation can be triggered by any complaint, including from disgruntled former employees or from a current employee seeking to shield themselves from retaliation, or from a job applicant who was turned away or not considered for the job.
According to the September 30 agreement, the agency found that the employer failed to:
- Provide a compliant privacy notice to job applicants
- Inform job applicants of their rights and how to exercise them
- Maintain a legally sufficient privacy policy
- Honor opt-out requests submitted through its website
- Recognize browser-based opt-out preference signals (like Global Privacy Control) that consumers can use to automatically indicate that they don’t want their data sold or shared for targeted advertising purposes
- Enter into appropriate contracts that limit how third-party vendorscould use shared personal data and ensure they recognize opt-out signals
- Use proper contracts with advertising and analytics providers
5 Reasons Why This Development is Big News for Employers…
Google, Flo Health, Flurry to Pay $59.5M in Privacy Lawsuit
Three companies – Flo Health, Google and Flurry – have each agreed to shell ou…