DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CPPA Brings Enforcement Action Against National Public Data

Posted on February 21, 2025February 22, 2025 by Dissent
There’s been a state enforcement action against National Public Data, but it’s not for the data breach that resulted in the leak of 2.9 billion records. It’s for failure to register with California as a data broker.

 

News: February 20, 2025

SACRAMENTO — The Enforcement Division of the California Privacy Protection Agency (CPPA) has brought an enforcement action seeking a $46,000 fine against Jerico Pictures, Inc., d/b/a National Public Data, a Florida-based data broker, for failing to register and pay an annual fee as required by the Delete Act. The Enforcement Division has taken action against six data brokers since announcing an investigative sweep of data broker registration compliance, with the first five cases resulting in settlement.

National Public Data made headlines last year after a data breach at the company reportedly exposed 2.9 billion records, including names and Social Security numbers. In October 2024, CPPA’s Enforcement Division filed a claim against National Public Data in the U.S. Bankruptcy Court for the Southern District of Florida, alleging that the company was on the hook for an administrative fine for failing to register with the CPPA. The court ultimately dismissed the company’s bankruptcy petition. The Enforcement Division continued its efforts yesterday by filing an administrative action against National Public Data, seeking to recover the $46,000 fine.

The case arises from California’s Delete Act, which requires data brokers to register and pay an annual fee that funds the California Data Broker Registry. Businesses that operated as data brokers in 2023 had until January 31, 2024, to register with the CPPA or face fines of $200 per day. The Enforcement Division alleged that National Public Data registered on September 18, 2024 — or 230 days late — and did so only after the Enforcement Division had contacted the company during an investigation.

“We will pursue data brokers who violate the law, plain and simple,” said Michael Macko, the Agency’s head of enforcement. “I applaud our Enforcement team for its dogged pursuit of these violations. The Enforcement Division will use all available tools, including litigation, to make sure that data brokers aren’t operating in the dark.”

Fees from the Data Broker Registry also fund the development of a first-of-its-kind deletion mechanism, called the Delete Request and Opt-Out Platform (DROP), that will allow consumers to direct all data brokers to delete their personal information in a single request. DROP will be available to consumers in 2026.

Source: California Privacy Protection Agency

Category: State/Local

Post navigation

← HHS Office for Civil Rights Imposes a $1,500,000 Civil Money Penalty Against Warby Parker in HIPAA Cybersecurity Hacking Investigation
Niva Bupa investigates alleged data leak after cyber threat →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.