Did your business receive a letter from the California Attorney General’s office about your loyalty program? You are not alone. The California AG celebrated Data Privacy Day last month by announcing that his office had conducted an “investigative sweep” of business operating loyalty programs in California. His office then sent out notices of non-compliance to several loyalty program operators.

In general, loyalty programs give customers who enroll incentives, rewards or discounts. The business then tracks the products purchased or the dollars spent by each program member. The California Consumer Protection Act (CCPA) requires that programs that provide “financial incentives” (i.e., promotions, discounts, and deals in exchange for personal information) must provide a notice of financial incentive. More about CCPA requirements and applicability can be found here.

The AG non-compliance notices, however, seem to focus more on the CCPA notice requirement. According to the Data Privacy Day press release, the California Attorney General intends to take action against businesses that fail to clearly inform consumers about how the business will use their data: “I urge all businesses in California to take note and be transparent about how you’re using your customer’s data. My office continues to fight to protect consumer privacy, and we will enforce the law.”

Putting it into Practice: This news shows that the California AG is going to be focusing on loyalty programs, and companies would be well served to review their disclosures and practices against the CCPA requirements.