The California Attorney General (AG) recently brought its first-ever enforcement action over violations of the California Consumer Privacy Act of 2018 (CCPA). To settle the action, a company will pay a $1.2‑million penalty and implement remedial measures to clarify its online disclosure and consumer opt-out practices. The terms of the settlement sound a warning to fund managers and all other organizations that conduct business with California customers. This article analyzes the defendant’s alleged missteps and the settlement terms; discusses their broader implications; and offers lessons from the case for firms subject to CCPA compliance. See “CPRA Draft Regulations: Essential Takeaways and 10 Actions to Take Now” (Aug. 25, 2022).