Alerts10.3.25
California Privacy Protection Agency Levies Record $1.35 Million Fine
Highlights
- The California Privacy Protection Agency (CPPA) issued a $1.35 million fine — its largest enforcement fine to date as California’s standalone privacy regulator.
- It signals the CPPA’s acceleration of enforcement and willingness to pursue significant financial penalties for systematic privacy failures.
- This is the first CPPA decision that addresses privacy notice requirements for job applicants and employees, with California remaining the only state providing full privacy protections for employment data without exemptions.
- The enforcement began with a single consumer complaint and now demonstrates that individual privacy grievances can trigger substantial regulatory scrutiny and multimillion-dollar financial exposure.
On Sept. 30, 2025, the California Privacy Protection Agency (CPPA) issued its largest enforcement fine to date, $1.35 million, in the first CPPA decision addressing privacy protections for job applicants. The settlement followed an investigation triggered by a single consumer complaint and establishes important precedents for employment data privacy, opt-out mechanism implementation, and the CPPA’s investigative authority.
Keep Up to Date in a Changing World
Do you want to receive more valuable insights directly in your inbox? Visit our subscription center and let us know what you’re interested in learning more about.
