Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

California investigating loyalty programs for CCPA compliance

Privacy/Cyber Risk & Data Security State Issues State Attorney General California CCPA

Privacy, Cyber Risk & Data Security

On January 28, the California attorney general announced an “investigative sweep” of businesses operating loyalty programs in the state. The California Consumer Privacy Act (CCPA), which became effective January 1, 2020, requires businesses that offer financial incentives in exchange for personal information, including loyalty programs, to provide consumers with a notice that clearly describes the material terms of the financial incentive program before consumers opt-in. (See InfoBytes coverage of the CCPA here.) Notices of noncompliance were sent to several businesses whose loyalty programs allegedly violated the CCPA, including data brokers, marketing companies, businesses handling children’s information, media outlets, and online retailers. Businesses have 30 days to cure or fix the alleged violation and come into compliance with the law before the initiation of an enforcement action. “I urge all businesses in California to take note and be transparent about how you’re using your customer’s data,” Attorney General Rob Bonta stated in the announcement. “My office continues to fight to protect consumer privacy, and we will enforce the law.”