The following article first appeared on Robinson+Cole’s Data Privacy+Cybersecurity blog. It is reposted here with permission.

This week, the California Privacy Protection Agency issued its largest fine yet: $1.35 million against Tractor Supply.

This settlement is significant because it is the first-ever enforcement action involving job applicants under the California Consumer Privacy Act.

Based on an individual consumer’s complaint, the CPPA found that Tractor Supply failed to:

• Provide a compliant privacy notice to job applicants;
• Inform job applicants of their rights under the CCPA;
• Maintain a sufficient privacy policy;
• Honor opt-outs and browser preference signals (like global privacy controls); and
• Execute appropriate, compliant vendor and advertising contracts.

This enforcement action and settlement agreement is significant for several reasons:

• It reminds companies that job applicant and employee data is fully covered by the CCPA—California is the only state with comprehensive HR privacy obligations;
• It is the largest CPPA fine to date (and it most certainly won’t be the last one for this type of violation);
• It reiterates the point that the CCPA applies to ALL industries—not just tech and data brokers;
• One consumer complaint can snowball; small issues can lead to big investigations (and fines); and
• Fixing problems later won’t erase liability; proactive compliance is essential.

In addition to the fine, Tractor Supply must now conduct five years of strict audits of...

Read Full Story: https://news.google.com/rss/articles/CBMicEFVX3lxTFAyOC1NcXJUQU0yb20zZTMtMmwt...