Publication
California Imposes Record $1.35M Fine for Job Applicant and Consumer Privacy Violations
The California Privacy Protection Agency recently issued its largest fine to date — $1.35 million — against Tractor Supply for violating the privacy rights of job applicants and consumers. This is the first-ever California Consumer Privacy Act (“CCPA”) enforcement action involving job applicants, signaling increased scrutiny of employer practices under California’s privacy laws. Notably, the case confirms that companies operating in a purely B2B environment are no longer insulated from CCPA enforcement.
What Triggered the Enforcement?
A single consumer complaint sparked the investigation, which revealed multiple violations, including failure to:
- Provide compliant privacy notices to job applicants and inform them of their CCPA rights
- Maintain an adequate privacy policy
- Honor opt-out requests and browser-based opt-out signals (e.g., Global Privacy Control)
- Use proper contracts with vendors, advertisers, and analytics providers
Why This Matters
- Applicant and employee data is fully covered under the CCPA — California is the only state with this requirement. Even exclusively B2B businesses must comply.
- All industries are subject to enforcement, not just technology or data-driven sectors.
- Investigations can escalate quickly, even from a single complainant.
- Fixing issues after an investigation begins won’t eliminate liability — proactive compliance is essential.
Immediate Steps for Businesses
To reduce the risk of CPPA scrutiny, companies should:
- Update privacy notices for applicants, employees, and website visitors
- Audit job portals, application systems, and employee platforms
- Review vendor and AdTech contracts for CCPA-compliant terms
- Maintain clear records of tracking technologies in use (cookies, pixels, analytics tools)
- Train HR, Legal/Privacy, Marketing, and IT teams on CCPA obligations
What’s Next?
Under the settlement, Tractor Supply must complete five years of audits, employee retraining, opt-out monitoring, and public reporting of privacy metrics — a clear indication of the compliance expectations California regulators now expect organizations to meet.
About Snell & Wilmer
Founded in 1938, Snell & Wilmer is a full-service business law firm with more than 500 attorneys practicing in 17 locations throughout the United States and in Mexico, including Los Angeles, Orange County, Palo Alto and San Diego, California; Phoenix and Tucson, Arizona; Denver, Colorado; Washington, D.C.; Boise, Idaho; Las Vegas and Reno-Tahoe, Nevada; Albuquerque, New Mexico; Portland, Oregon; Dallas, Texas; Salt Lake City, Utah; Seattle, Washington; and Los Cabos, Mexico. The firm represents clients ranging from large, publicly traded corporations to small businesses, individuals and entrepreneurs. For more information, visit swlaw.com.
