Publication
California Imposes Record $1.35M Fine for Job Applicant and Consumer Privacy Violations
The California Privacy Protection Agency recently issued its largest fine to date — $1.35 million — against Tractor Supply for violating the privacy rights of job applicants and consumers. This is the first-ever California Consumer Privacy Act (“CCPA”) enforcement action involving job applicants, signaling increased scrutiny of employer practices under California’s privacy laws. Notably, the case confirms that companies operating in a purely B2B environment are no longer insulated from CCPA enforcement.
What Triggered the Enforcement?
A single consumer complaint sparked the investigation, which revealed multiple violations, including failure to:
- Provide compliant privacy notices to job applicants and inform them of their CCPA rights
- Maintain an adequate privacy policy
- Honor opt-out requests and browser-based opt-out signals (e.g., Global Privacy Control)
- Use proper contracts with vendors, advertisers, and analytics providers
Why This Matters
- Applicant and employee data is fully covered under the CCPA — California is the only state with this requirement. Even exclusively B2B businesses must comply.
- All industries are subject to enforcement, not just technology or data-driven sectors.
- Investigations can escalate quickly, even from a single complainant.
- Fixing issues after an investigation begins won’t eliminate liability — proactive compliance is essential.
Immediate Steps for Businesses
To reduce the risk of CPPA scrutiny, companies should:
- Update privacy notices for applicants, employees, and website visitors
- Audit job portals, application systems, and employee platforms
- Review vendor and AdTech contracts for CCPA-compliant terms
- Maintain clear records of tracking technologies in use (cookies, pixels, analytics tools)
- Train HR, Legal/Privacy, Marketing, and IT teams on CCPA obligations
What’s Next?
Under the settlement, Tractor Supply must complete five years of audits, employee retraining, opt-out monitoring, and public reporting of privacy metrics — a clear indication of the compliance expectations California regulators now expect organizations to meet.
About Snell & Wilmer
Founded in 1938, Snell & Wilmer is a full-service business law firm with more than 500 attorneys practicing in 17 locations throughout the United States and in Mexico, including Phoenix and Tucson, Arizona; Los Angeles, Orange County, Palo Alto and San Diego, California; Denver, Colorado; Washington, D.C.; Boise, Idaho; Las Vegas and Reno-Tahoe, Nevada; Albuquerque, New Mexico; Portland, Oregon; Dallas, Texas; Salt Lake City, Utah; Seattle, Washington; and Los Cabos, Mexico. The firm represents clients ranging from large, publicly traded corporations to small businesses, individuals and entrepreneurs. For more information, visit swlaw.com.
