Articles about California Labor And Employment Law.

Heads up, HR leaders. On July 1, 2025, California’s Civil Rights Department (CRD) released the official Model Crime Victims Notice, titled “Survivors of Violence and Family Members of Victims Right to Leave and Accommodations.” This notice

By: Todd Snyder Agrees to Pay $345,178 Fine to The CPPA and Other Equitable Relief

By: Todd Snyder Agrees to Pay $345,178 Fine to The CPPA and Other Equitable Relief

Last month, the Enforcement Division of the California Privacy Protection Agency (“the Privacy Police”) and Todd Snyder, Inc. (“Snyder”) resolved the investigation into Snyder’s website’s opt-out methods from November 1, 2023 to December 31, 2024 that allegedly violated the California Consumer Privacy Act (“CCPA”).

Snyder, a New York based men’s clothing retailer, operated retail stores and a website. The website utilized third party tracking software to help it with analytics and cross-context behavioral advertising. While Snyder told consumers that they could opt-out, the Privacy Police claimed that the website was not properly configured to actually allow customers to opt out. One issue was that the website’s “consent banner” would appear and then instantaneously disappear preventing consumers from opting out. In addition, when a consumer was able to reach the opt-out option, the Privacy Police claimed that Snyder was culpable of requiring an improper verification standard to persons who wished to opt out. Snyder required all consumers attempting to opt-out to verify the person’s name, email, country of residence and submit a photograph of the consumer holding official identity documents, like a driver’s license.

The Privacy Police criticized Snyder for:

• Allowing a third-party to manage Snyder’s website without adequate supervision by Snyder;
• Forcing consumers who wished to opt-out of sale/sharing to provide verification as such requests do not require verification under the CCPA;
• Requiring more identification information to opt-out than Snyder required when consumers made a purchase; and
• Requiring consumers to provide government identification documents with Sensitive Personal Information (“SPI”) which might decrease opt-out requests due to concerns about identity theft.

Take Aways

Snyder did not admit to liability for any violation of the CCPA and the full scope of the Privacy Police’s investigation and extent of potential penalties is not published in the Stipulation. The expedited resolution in the first four months of 2025 demonstrates that Snyder must have concluded that an expedited settlement, including payment of over $345,000 in fines and providing the Privacy Police with confirmation that it has developed new procedures to handle SPI and procedures to monitor third parties to ensure compliance with CCPA was the most efficient way to dispose of the investigation, legal fees and risks of greater penalties.

The Privacy Police monitor California and out-of-state corporations, alike. Any business that operates a website that shares or sells consumer information for 100,000 or more consumers should review their policies and opt out procedures to ensure compliance with the CCPA. Owners of commercial websites will be held responsible for monitoring consumer Opt-Out requirements, even if they believe that they have delegated such monitoring to third party vendors. Finally, ensure that the opt-out requirements comply with the CCPA and do not require unnecessary verification information or copies of government documents that contain personal identifying information.

Conclusion

The CCPA signifies a major advancement in consumer privacy protection, necessitating businesses to adopt proactive measures to ensure compliance. Contact Dan M. Forman, Linda Wang or your favorite member of CDF’s Privacy Practice Group to better understand potential penalties and the importance of safeguarding consumer data. 

By: 2025 Compliance Checklist: Distributing the CRD’s New Model Notice Under AB 2499

After January 1, 2025, Assembly Bill 2499 put new requirements on how California employers treat employees that are victims of crime. The bill expanded the definition of “victim” to include not only individuals directly subjected to domestic violence, sexual assault, or stalking, but also those who have experienced other qualifying crimes or abuse: including serious bodily injury, threat of injury or death, and crimes resulting in the death of a family member. The bill revises and expands leave protections for those victims. Next, the bill requires that all employers provide employees with written notice of their rights under the statute. Last, the new law requires companies with 25 or more employees to offer employees the same leave protections when one of the employee’s family members is the victim. 

Now the California Civil Rights Department (CRD) has issued the official model notice that employers are required to distribute. 

What Does the Notice Cover?

The notice informs employees that are crime victims of their rights to:

• Take job-protected leave to:
  • Obtain medical attention or psychological counseling related to an injury or experience of abuse or crime
  • Participate in safety planning, including relocating or implementing protective measures
  • Seek services from a domestic violence shelter, rape crisis center, or victim advocacy organization
  • Attend court proceedings, including those related to protective orders, restraining orders, or other legal actions connected to the crime
  • Handle other needs arising as a direct result of being a victim (or a family member of a victim), such as attending funerals, grieving, or resolving legal and financial matters
• Request reasonable safety accommodations in the workplace, which may include:
  • Modified work schedules or location changes
  • Installation of locks, implementation of safety protocols, or other adjustments to increase physical security
  • Changes to phone numbers, email addresses, or other personal contact information
  • Transfer or reassignment, if appropriate and feasible
• Be protected from retaliation or discrimination for:
  • Taking or requesting leave under these provisions
  • Requesting workplace accommodations for safety
  • Disclosing victim status to the employer for the purpose of obtaining these protections

Again, when a company has 25 or more employees, these same protections must be made available to an employee when their family member is the victim.  

Distribution Requirements for Employers

All employers must provide the CRD’s model notice in two situations:

1. To all new employees at the time of hire
2. To current employees upon request

Employers may use the model notice published by the CRD or create their own version, so long as the notice is “substantially similar in content and clarity.”

Next Steps for Employers

To ensure compliance, employers should:

• Download and review the model notice issued by the CRD. 
• Incorporate the notice into onboarding documents for all new hires and make sure it is available to current employees
• Train HR personnel and managers on employee rights under AB 2499 and related Labor Code provisions
• Review and update relevant leave, accommodation, and anti-retaliation policies

The CRD has until July 1, 20225 to post the new notice. You can check for updates here. We will also update this blog with a link to the new notice as soon as it is issued.

If you have any questions regarding the CRD’s new notice, please contact your favorite CDF attorney. To stay up to date, be sure to subscribe to CDF’s California Labor & Employment Blog.

_{*Special thanks to CDF law clerk Victor Weber for their research and contributions to this article.}