Todd Snyder Penalty Shows Overcollection Can Be Costly, Says Lawyer
The California Privacy Protection Agency's $345,000 fine for menswear retailer Todd Snyder last week (see 2505050066) put companies that do business in the state “on notice” that they shouldn’t collect excessive information to verify consumers’ identities, McCarter & English privacy attorney Erin Prest blogged Tuesday: “This is one detail at which the regulators are specifically looking and errors can be costly.”
Sign up for a free preview to unlock the rest of this article
“California is taking a close look at what companies say they are doing in order to make sure the companies are following through,” wrote Prest. “As more state data privacy laws -- and their enforcement -- come online, other states are likely to follow suit.”
Companies should make sure their opt-out processes work, and they aren’t conducting identity verification for consumers seeking to opt out, the lawyer blogged. “It is not sufficient to 'set it and forget it' for web maintenance. If the website’s options do not work, it is the company’s responsibility -- regardless of whether that has been contracted out to another entity.”