The Enforcement Division of the California Privacy Protection Agency is pursuing a $46,000 fine against National Public Data, a data broker company based in California after claiming non-compliance with the annual fee and registration on the California Data Broker Registry.
Registration is required by the Delete Act. Six data brokers are being scrutinised in an investigation by the Enforcement Division, with the first 5 cases ending in settlement.
The data broker came to attention last year after 2.9 billion records were compromised in a data breach, including names and Social Security numbers.
Operating data brokers in 2023 were given a cut-off deadline until January 31, 2024, to register with the CPPA or face fines of $200 per day.
The Enforcement Division has pursued taking administrative action to recover the fine after first making a claim in the U.S. Bankruptcy Court for the Southern District of Florida back in October 2024. The company responded by setting up a bankruptcy petition which was dismissed.
National Public Data was registered 30 days late in September 2024 after the Enforcement Division contacted the company during the investigation.
“We will pursue data brokers who violate the law, plain and simple,” said Michael Macko, the Agency’s head of enforcement. “I applaud our Enforcement team for its dogged pursuit of these violations. The Enforcement Division will use all available tools, including litigation, to make sure that data brokers aren’t operating in the dark.”
Fees from the Data Broker Registry also fund the development of a first-of-its-kind deletion mechanism, called the Delete Request and Opt-Out Platform (DROP), that will allow consumers to instruct all data brokers to delete their personal information in 2026.
