Have you been leisurely following California Consumer Privacy Act (CCPA) litigation thinking, “That’s only for data breaches, not ‘soft’ violations.”

Think again.

California Attorney General Rob Bonta’s office has been busy enforcing CCPA for the past year.

Per a new enforcement report, you had better make sure that:

  • Your privacy policy is easily understood.
  • You have notices at collection, online and offline.
  • Your “Do Not Sell” link is there and works. (Links to DAI/NAA opt out pages are not enough!)
  • You disclose your financial incentives.
  • Your service provider agreements have the right limitations.

The AG also has added a new reporting tool for individuals to report faulty or missing “Do Not Sell” links.

You can take a deeper dive into the issue by reading this OneTrust DataGuidance article.