California Attorney General Rob Bonta is serious about compliance with the California Consumer Privacy Act (CCPA). So serious, that on January 28, 2022, also known as Data Privacy Day, he announced that his office was commencing an investigative “sweep” of “businesses operating loyalty programs in California” and sent notices of noncompliance to businesses requiring them to cure within thirty days.

According to the AG’s press release, “Under the CCPA, businesses that offer financial incentives, such as discounts, free items, or other rewards, in exchange for personal information must provide consumers with a notice of financial incentive. This notice must clearly describe the material terms of the financial incentive program to the consumer before they opt into the program.” Although the AG did not reveal how many letters were issued, he did say that letters were sent “to major corporations in the retail, home improvement, travel, and food services industries.”

The timing of the issuance of the letters appears to be no coincidence. The AG stated, “On Data Privacy Day, we’re issuing notices to business that operate loyalty programs and use personal information in violation of California’s data privacy law. I urge all businesses in California to take note and be transparent about how you’re using your customer’s data. My office continues to fight to protect consumer privacy, and we will enforce the law.”

Warnings from a regulator are words to follow closely. If you offer a loyalty program, these words from the enforcer of the CCPA are clear and strong. If you haven’t implemented a CCPA compliance program, there is no better time than now.