On May 6, 2025, the California Privacy Protection Agency (“CPPA”) announced a decision requiring Todd Snyder, Inc., a clothing retailer, to change its business practices and pay a fine of $345,178 to resolve allegations that the company violated the California Consumer Privacy Act (“CCPA”).
The CPPA alleged that Todd Snyder failed to properly process consumer requests to opt out of the sale or sharing of their personal information for 40 days, required more information than was necessary to process consumer’s privacy requests, and required consumers to verify their identity before they could opt-out. In addition to paying the fine, Todd Snyder agreed to change its business practices, including by having properly conforming its system for submitting and managing opt-out preferences, as well as providing CCPA training for Todd Snyder employees. The settlement appears consistent with the CPPA’s past advisory regarding applying data minimization to consumer requests.
This is the CPPA’s second settlement this year. Companies should be aware of the uptick in CPPA enforcement. Thompson Coburn attorneys are continuing to monitor these developments.
