Skip to main content
Skip to navigation

Regulatory Enforcement

Sephora fined $1.2M in first public CCPA enforcement

By Adrianne Appel2022-08-25T18:47:00

Cosmetics retailer Sephora agreed to pay $1.2 million in the first public enforcement action under California’s landmark consumer privacy law.

Sephora violated the California Consumer Privacy Act (CCPA) and sold consumers’ personal data after they had requested their information not be sold, California Attorney General Rob Bonta said in a press release Wednesday.

The CCPA, which took effect in 2020, is the country’s first and only active comprehensive state data privacy law. Since the start of 2021, Virginia, Colorado, Utah, and Connecticut have passed privacy laws of their own, each set to take effect in 2023. Congress is considering whether a federal data privacy law is needed and how strong the protections should be.

THIS IS MEMBERS-ONLY CONTENT

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
DoorDash fined $375K in second public CCPA enforcement

2024-02-22T12:54:00Z By Kyle Brasseur

Food delivery company DoorDash agreed to pay a $375,000 fine as part of a settlement announced by California Attorney General Rob Bonta addressing alleged violations of the California Consumer Privacy Act.
Opinion
Legacy of CCPA: A blueprint for prioritizing compliance

2023-03-02T14:00:00Z By Kyle Brasseur

Three years in, the promise of the California Consumer Privacy Act as a means of handing down eye-watering penalties against companies for data protection violations remains unfulfilled. And yet, the expanding U.S. data privacy legislation landscape is better for this.
Premium
California ‘setting the tone’ for privacy push with CPRA updates

2023-03-01T14:00:00Z By Adrianne Appel

Changes to the California Consumer Privacy Act set to come over the course of 2023 strengthen the nation’s first comprehensive state privacy law to a benchmark no other states have yet to equal.

More from Regulatory Enforcement

Article
Top Ethics and Compliance Failures of 2025

2025-12-17T20:09:00Z By Adrianne Appel

The 2025 year has been so rich with compliance stinkers, and rife with poor judgment, compliance missteps, outright malfeasance and greed, greed, greed, that it was almost impossible to choose just six epic compliance failures from this year’s massive poop pile.
Article
FATF focus on criminal asset recovery points to a more investigatory role for compliance

2025-12-11T21:18:00Z By Ruth Prickett

Global organised crime is booming, and only 1 to 2 percent of the $4 trillion black economy is intercepted, according to figures from the Financial Action Task Force. Its new guidance suggests that countries should focus on rapid investigations, collaborative intelligence gathering, and confiscating the proceeds of criminal activity.
Article
Crypto network Paxful will plead guilty to BSA violations, pay $4M fine, shut down

2025-12-11T21:14:00Z By Oscar Gonzalez

Paxful, a crypto peer-to-peer network, will plead guilty to multiple federal criminal charges related to violations of the Bank Secrecy Act (BSA), among others. The plea agreement follows years of scrutiny from regulators over anit-money laundering (AML) compliance failures.