July 24, 2023

Now would be a good time for employers to re-examine their privacy policies, procedures and training to ensure they comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). 

On July 14, 2023, the California Attorney General announced it sent inquiries to a number of large employers as part of an investigation into CCPA compliance and to drive company readiness to meet the requirements of the CPRA. The AG announcement comes after a court recently postponed enforcement of the CPRA until March 29, 2024. 

Signed into law on January 1, 2018, the CCPA requires companies collecting personal information from more than 50,000 households and consumers to disclose what data they collect and fulfill consumer requests for more control over what data is collected, processed, shared or sold.  

The CPRA amends and expands the privacy rights for consumers under the CCPA and includes privacy protection provisions for employees and prospective employees. The postponement of the CPRA provides a brief reprieve for covered businesses, however enforcement of consumer privacy rights under the CCPA continues.  

“We are sending inquiry letters to learn how employers are complying with their legal obligations. We look forward to their timely response.”
California Attorney General Rob Bonta

In August 2022, the California AG announced a settlement with Sephora resolving allegations that it failed to disclose to consumers that it was selling their personal information and failed to process opt-out requests via user-enabled global privacy controls in violation of the CCPA. Earlier this year, the California AG’s Office announced it was conducting several investigative sweeps of mobile business applications to ensure they comply with consumer opt-out requests per the CCPA. 

Non-compliance with CCPA can result in civil penalties of $2,500 for each violation or $7,500 for each intentional violation after notice and a 30-day opportunity to cure. 

To avoid costly penalties, fines and reputational damage, organizations doing business in California or handling the personal data of its residents should take immediate steps to ensure they are complying with CCPA and CPRA requirements. 

Traliant’s California Consumer Privacy Act training ensures an employer’s workforce understands its responsibility to safeguard the sensitive information of consumers and employees. 



Maria D'Avanzo