Do Not Sell: A significant data privacy message from the Attorney General of California
“My office is watching, and we will hold you accountable.”
A significant data privacy milestone was reached on August 24, 2022, with Rob Bonta, the AG of California, announcing the first significant settlement of $1.2 million under the CCPA. The violation pertains to Sephora’s “Do Not Sell” policies and procedures.
Sephora failed to tell customers that it was selling their personal information, failed to allow customers to opt out of that sale and didn’t fix the problem within 30 days as required by the law, even after it was notified of the violation. The company agreed to pay $1.2 million and immediately correct the problem under the settlement.
“The kid gloves are coming off,” Bonta said in an online news conference. “There are no more excuses. Follow the law. Do right by consumers.” AG Bonta was very clear, stating, “if you get a commercial benefit from sharing data, that’s a sale under CCPA.”
Key points that any company doing business in California should take away from this:
- Providing third parties (advertising networks, business partners, and data analytics providers) with access to your customers’ data in exchange for services from those entities is a sale of personal information as defined by the CCPA.
- Personal information transferred to third-party companies can be highly sensitive: purchases of products like skincare and prenatal and menopause support vitamins can be used to infer women’s health conditions.
- Utilizing third-party tracking technology without alerting your consumers deprives them of the ability to limit the proliferation of their personal information through third-party sharing.
- If you sell/share personal information, as defined in the CCPA, you must inform your customers and indicate this in your privacy disclosure.
- You must implement Global Privacy Control and allow users to notify your business of their privacy preferences.
- If you fail to cure these issues within 30 days of being notified, the AG will perform an investigation and enforcement will follow.
Clarip’s Data Privacy Governance Platform ensures compliance with all consumer privacy regulations, including “Do Not Sell”. Allow customers to submit, revoke and update granular consent with Clarip Consent Management. Clarip takes enterprise privacy governance to the next level and helps organizations reduce risks, engage better, and gain customers’ trust! Contact us at www.clarip.com or call Clarip at 1-888-252-5653 for a demo.