On May 6, 2025, the California Privacy Protection Agency Board announced that it imposed a $345,178 fine on Todd Snyder, Inc., a New York-based men’s clothing retailer, for violating the California Consumer Privacy Act (“CCPA”) from approximately November 2023 to December 2024. According to the Board, Todd Snyder failed to properly oversee and configure its privacy portal’s technical infrastructure, which led to a 40-day failure to process requests that enabled consumers to opt-out of sharing their personal information. The Board also found that Todd Snyder violated the CCPA by requiring consumers to provide more information than necessary to process privacy requests and requiring consumers to verify their identities before they could opt-out of information sharing.
In addition to paying the fine, Todd Snyder agreed to modify certain business practices in order to comply with the CCPA, including the proper configuration of mechanisms used to submit and manage consumer opt-out preferences and compliance training for personnel that handles consumers’ personal information. According to the Stipulated Final Order, the company agreed to implement most of its process and system changes within 90 days and specifically agreed not to require consumers to provide more information than necessary when making Verifiable Consumer Requests.
California Privacy Protection Agency Announcement | Order of Decision and Stipulated Final Order