Penalty Amount
$345,178
The California Privacy Protection Agency (CPPA) settled with Todd Snyder, Inc. for violating the California Consumer Privacy Act (CCPA) by failing to process opt-out requests, requiring excessive information for privacy requests, and improperly verifying identities for opt-outs. The company must pay a $345,178 fine and overhaul its privacy practices, including configuring opt-out mechanisms and providing employee training.
Todd Snyder must pay a $345,178 fine, properly configure its systems to handle opt-out requests, and implement CCPA compliance training for employees.
Entity
Todd Snyder, Inc.
Also known as: Todd Snyder
Industry
RetailOfficial Press Release
https://privacy.ca.gov/2025/05/cppa-orders-clothing-retailer-todd-snyder-to-pay-six-figure-fine-overhaul-privacy-practices/
20250501 snyder order
https://privacy.ca.gov/wp-content/uploads/sites/357/2026/01/20250501_snyder_order.pdf
California Privacy Protection Agency Enforcement Page
https://cppa.ca.gov/enforcement/
$376K
The California Privacy Protection Agency settled with Ford Motor Company for $375,703 after finding that Ford violated the CCPA by requiring email verification for opt-out requests, creating unnecessary friction. Ford must implement easier opt-out methods, conduct a website audit, and comply with global privacy controls.
$1.1M
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$45K
Datamasters, a data broker, failed to register with the California Data Broker Registry as required by the Delete Act. The company sold sensitive personal information including health conditions, age, race, and political views. As a result, it must pay a $45,000 fine and cease all sales of Californians' personal information.
$57K
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The marketing firm sold custom audience lists built from consumer data without registration, highlighting that businesses collecting and selling personal information must comply with data broker requirements.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers. The strike force will focus on compliance with the Delete Act's registration requirement and the CCPA, building on previous enforcement actions. This initiative aims to hold data brokers accountable and protect Californians' personal information.
$1.4M
The California Privacy Protection Agency (CPPA) settled with Tractor Supply Company for $1.35 million over violations of the California Consumer Privacy Act (CCPA). The violations included failing to maintain a proper privacy policy, not notifying job applicants of their rights, lacking an effective opt-out mechanism, and sharing personal information without adequate contracts. Tractor Supply must pay the fine and implement remedial measures such as scanning digital properties and annual compliance certification.