The CCPA is enforced by the California Attorney General’s office sending letters to businesses that fail to comply with the law. Non-compliant businesses then have 30 days to fix the alleged violations. If they fail to do so, they will be fined up to $2,500 per consumer for unintentional violations, and $7,500 per consumer for intentional violations.
The California Attorney General’s office began sending out enforcement notices on July 1st, 2020. Although the AG has sent letters to businesses from all types of industries, their main targets have been companies with the following characteristics:
- Businesses that operate mostly online and lack CCPA-required privacy documents
- Businesses that sell personal information but don’t provide a “Do Not Sell” link
- Businesses that have received privacy complaints from California consumers on social media or elsewhere