Rural lifestyle giant Tractor Supply Co. has been ordered to pay a $1.35 million penalty and revamp its privacy practices after California regulators accused the retailer of failing to properly safeguard consumer and job applicant data. The fine, announced Tuesday, is the largest in the California Privacy Protection Agency’s (CPPA) history, underscoring the state’s hardening stance on corporate accountability.
Regulator’s Hard Line on Privacy
The CPPA said Tractor Supply fell short of the California Consumer Privacy Act (CCPA) by not adequately informing customers and job applicants of their privacy rights, neglecting to ensure service providers protected personal data, and failing to offer consumers a clear way to stop the sale or sharing of their information.
“This action underscores our ongoing commitment to ensuring consumers and job applicants alike can exercise their privacy rights,” said Michael Macko, the agency’s head of enforcement.
From Complaint to Courtroom
The saga began when a consumer complaint in Placerville triggered a CPPA investigation in early 2023. By August, the regulator had taken the unusual step of publicly disclosing its probe and petitioned a Sacramento court to force the retailer to comply with subpoenas covering practices dating back to 2020.
