What Happened
The California Privacy Protection Agency (CPPA) issued its largest-ever fine—$1.35 million—against an employer for failing to comply with the California Consumer Privacy Act (CCPA) when handling job applicant and employee data.
Violations included:
-
Missing applicant privacy notices.
-
Failing to inform applicants of their rights or honor opt-out requests.
-
Ignoring browser-based privacy signals like Global Privacy Control.
-
Using insufficient contracts with vendors handling applicant data.
This case shows that one complaint can trigger a sweeping investigation—and even self-correction after the fact won’t erase liability.
Why It Matters for Employers
-
Applicant data is covered: The CPPA made clear that applicant and employee data falls squarely under the CCPA.
-
All industries are at risk: This wasn’t a tech company—it was a retail employer, meaning every sector is vulnerable.
-
Investigations escalate quickly: A single complaint can snowball into multi-million dollar penalties.
-
Proactive compliance is essential: Waiting until an investigation starts is too late.
How fpSOLUTIONS Can Help
-
Templates for applicant privacy notices, employee privacy policies, and opt-out request workflows.
-
Vendor contract language to ensure third parties properly handle applicant and employee data.
All Access Products Pass Without Handbook
-
Ongoing updates and training modules for HR, IT, and recruiting teams.
-
Checklists and guides to align job portals, recruiting platforms, and employee systems with CCPA obligations.
Workplace Privacy & Data Protection Kits
-
Tools to catalog tracking technologies, monitor vendor use of applicant data, and build data-sharing inventories.
-
Prebuilt documentation to demonstrate compliance in audits or investigations.
-
Real-time updates on California privacy law updates, including CPPA enforcement actions, so you don’t get caught off guard.