DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CPPA Brings Enforcement Action Against National Public Data

Posted on February 21, 2025February 22, 2025 by Dissent
There’s been a state enforcement action against National Public Data, but it’s not for the data breach that resulted in the leak of 2.9 billion records. It’s for failure to register with California as a data broker.

 

News: February 20, 2025

SACRAMENTO — The Enforcement Division of the California Privacy Protection Agency (CPPA) has brought an enforcement action seeking a $46,000 fine against Jerico Pictures, Inc., d/b/a National Public Data, a Florida-based data broker, for failing to register and pay an annual fee as required by the Delete Act. The Enforcement Division has taken action against six data brokers since announcing an investigative sweep of data broker registration compliance, with the first five cases resulting in settlement.

National Public Data made headlines last year after a data breach at the company reportedly exposed 2.9 billion records, including names and Social Security numbers. In October 2024, CPPA’s Enforcement Division filed a claim against National Public Data in the U.S. Bankruptcy Court for the Southern District of Florida, alleging that the company was on the hook for an administrative fine for failing to register with the CPPA. The court ultimately dismissed the company’s bankruptcy petition. The Enforcement Division continued its efforts yesterday by filing an administrative action against National Public Data, seeking to recover the $46,000 fine.

The case arises from California’s Delete Act, which requires data brokers to register and pay an annual fee that funds the California Data Broker Registry. Businesses that operated as data brokers in 2023 had until January 31, 2024, to register with the CPPA or face fines of $200 per day. The Enforcement Division alleged that National Public Data registered on September 18, 2024 — or 230 days late — and did so only after the Enforcement Division had contacted the company during an investigation.

“We will pursue data brokers who violate the law, plain and simple,” said Michael Macko, the Agency’s head of enforcement. “I applaud our Enforcement team for its dogged pursuit of these violations. The Enforcement Division will use all available tools, including litigation, to make sure that data brokers aren’t operating in the dark.”

Fees from the Data Broker Registry also fund the development of a first-of-its-kind deletion mechanism, called the Delete Request and Opt-Out Platform (DROP), that will allow consumers to direct all data brokers to delete their personal information in a single request. DROP will be available to consumers in 2026.

Source: California Privacy Protection Agency

Category: State/Local

Post navigation

← HHS Office for Civil Rights Imposes a $1,500,000 Civil Money Penalty Against Warby Parker in HIPAA Cybersecurity Hacking Investigation
Niva Bupa investigates alleged data leak after cyber threat →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
  • Cyberattack puts healthcare on hold for hundreds in St. Louis metro
  • Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism
  • Kenyan court orders Worldcoin to delete all biometric data
  • Virginia Governor Signs into Law Bill Restricting Minors’ Use of Social Media

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.