CPPA Brings Enforcement Action Against National Public Data

Posted on by Dissent
There’s been a state enforcement action against National Public Data, but it’s not for the data breach that resulted in the leak of 2.9 billion records. It’s for failure to register with California as a data broker.

 

News: 

SACRAMENTO — The Enforcement Division of the California Privacy Protection Agency (CPPA) has brought an enforcement action seeking a $46,000 fine against Jerico Pictures, Inc., d/b/a National Public Data, a Florida-based data broker, for failing to register and pay an annual fee as required by the Delete Act. The Enforcement Division has taken action against six data brokers since announcing an investigative sweep of data broker registration compliance, with the first five cases resulting in settlement.

National Public Data made headlines last year after a data breach at the company reportedly exposed 2.9 billion records, including names and Social Security numbers. In October 2024, CPPA’s Enforcement Division filed a claim against National Public Data in the U.S. Bankruptcy Court for the Southern District of Florida, alleging that the company was on the hook for an administrative fine for failing to register with the CPPA. The court ultimately dismissed the company’s bankruptcy petition. The Enforcement Division continued its efforts yesterday by filing an administrative action against National Public Data, seeking to recover the $46,000 fine.

The case arises from California’s Delete Act, which requires data brokers to register and pay an annual fee that funds the California Data Broker Registry. Businesses that operated as data brokers in 2023 had until January 31, 2024, to register with the CPPA or face fines of $200 per day. The Enforcement Division alleged that National Public Data registered on September 18, 2024 — or 230 days late — and did so only after the Enforcement Division had contacted the company during an investigation.

“We will pursue data brokers who violate the law, plain and simple,” said Michael Macko, the Agency’s head of enforcement. “I applaud our Enforcement team for its dogged pursuit of these violations. The Enforcement Division will use all available tools, including litigation, to make sure that data brokers aren’t operating in the dark.”

Fees from the Data Broker Registry also fund the development of a first-of-its-kind deletion mechanism, called the Delete Request and Opt-Out Platform (DROP), that will allow consumers to direct all data brokers to delete their personal information in a single request. DROP will be available to consumers in 2026.

Source: California Privacy Protection Agency

Category: State/Local