Security News > 2022 > August > Cosmetics giant Sephora first to be fined for violating California’s Consumer Privacy Act

Cosmetics giant Sephora first to be fined for violating California’s Consumer Privacy Act
2022-08-26 14:33

Cosmetics giant Sephora first to be fined for violating California's Consumer Privacy Act.

International cosmetics giant Sephora is the first company to be publicly fined for violating California's Consumer Privacy Act.

Following its investigation, the California Attorney General's office said it found that Sephora failed to tell customers that it was selling their personal data, that it neglected to process requests from users opting out of the sale of their data and that it didn't resolve these violations within the 30-day time period allowed by the CCPA. Passed in 2018, the CCPA is designed to give consumers specific rights over the use and sale of their personal data by companies that do business in California.

The company must provide reports to the California Attorney General's office relating to its sale of personal data, the status of its service provider relationships and its efforts to honor the Global Privacy Control specification.

"The recent fine levied on Sephora by the state of California is a brutal wake-up call for organizations that don't take rapidly-evolving data privacy regulations seriously," said Jeff Sizemore, chief governance officer at security and compliance firm Egnyte.

"In particular, companies need to: 1) Have effective processes in place to process opt-out requests; 2) Manage consumers' requests that are made through global privacy control technology; 3) Inform consumers when their data is being sold; and 4) Keep their privacy policies up to date."


News URL

https://www.techrepublic.com/article/sephora-fined-violating-ccpa/