The California Attorney General (“AG”) recently released a summary of enforcement actions the agency brought against companies in violation of the CCPA since enforcement of the Act began on July 1, 2020. The summary provides 27 illustrative examples of instances in which the AG sent notices of alleged noncompliance with the CCPA and how each company cured the alleged noncompliance.

The table below sets forth the types and number of alleged CCPA violations in the enforcement actions summarized by the AG:

Alleged CCPA Violation Number of Times Alleged
Non-Compliant Privacy Policy 14
No “Do Not Sell My Personal Information” Link/
Non-Compliant Opt-Out of Sale Process
Lack of CCPA Request Methods 6
No Notice to Consumers at Time of Collection 5
Failure to Disclose Sale of Personal Information (Ad Tech) 5
Non-Compliant Service Provider Contracts 2
Lack of Opt-In to Sale Mechanism for Minors 1
No Notice of Financial Incentive 1
Verification Requirement for Opt-Out of Sale Requests 1
Account Creation for Verification of CCPA Requests 1
Untimely Responses to CCPA Requests 1
Charging Fees for CCPA Requests 1
Defective CCPA Request Methods/Lack of Toll-Free Number 1
Non-Compliant Authorized Agent Verification Method 1

The AG also launched the Consumer Privacy Interactive Tool, which allows California consumers to draft a notice of noncompliance to businesses that do not post an easy-to-find “Do Not Sell My Personal Information” link on their website. The AG has indicated that the agency hopes to expand the tool to include other CCPA violations in the future.