On May 6, 2025, the California Privacy Protection Agency ("CPPA") announced a decision requiring Todd Snyder, Inc., a clothing retailer, to change its business practices and pay a fine of $345,178 to resolve allegations that the company violated the California Consumer Privacy Act ("CCPA").
The CPPA alleged that Todd Snyder failed to properly process consumer requests to opt out of the sale or sharing of their personal information for 40 days, required more information than was necessary to process consumer privacy requests, and required consumers to verify their identity before they could opt out. In addition to paying the fine, Todd Snyder agreed to change its business practices, including by having properly conforming its system for submitting and managing opt-out preferences, as well as providing CCPA training for Todd Snyder employees. The settlement appears consistent with the CPPA's past advisory regarding applying data minimization to consumer requests.
This is the CPPA's second settlement this year. Companies should be aware of the uptick in CPPA enforcement. Thompson Coburn attorneys are continuing to monitor these developments.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
