The California Privacy Protection Agency (CPPA) has announced its intention to impose a $46,000 fine on National Public Data, a data broker that experienced a significant data breach in 2024. This breach, which took place in April, involved hackers gaining access to databases containing Social Security numbers and other personal information, affecting approximately 270 million individuals and totaling around three billion records. Despite the massive scale of the breach, it was noted that much of the data stolen was inaccurate.
Following the breach, National Public Data filed for bankruptcy protection, but a Florida bankruptcy court rejected the petition in November 2024, allowing legal actions to proceed against the company. The CPPA has been enforcing the California Consumer Privacy Act (CCPA), which mandates that data brokers must register with the agency by January 31, 2024, or face penalties.
National Public Data failed to meet the registration deadline and only submitted its registration on September 18, 2024, after being contacted by CPPA enforcement officials. This delay led the CPPA to pursue a claim against the company, seeking the $46,000 fine for failing to comply with the CCPA regulations. Data brokers like National Public Data play a crucial role in collecting and selling personal information, often for profit, and the CCPA aims to oversee their activities to safeguard consumer privacy rights.
This latest legal action against National Public Data represents the sixth enforcement effort by the CPPA against a data broker since its inception. Previous enforcement actions have resulted in settlement agreements, demonstrating the agency’s commitment to holding companies accountable for privacy breaches. Despite registering after the data breach, National Public Data continues to face repercussions for its delayed compliance with state privacy laws. The CPPA’s consistent enforcement actions underscore the importance of adhering to privacy regulations and ensuring the proper protection of sensitive personal data.
The breach and subsequent legal proceedings have placed National Public Data under intense scrutiny. The company’s parent company, Jerico Pictures, has refrained from commenting on the matter, raising questions about the company’s financial ability to pay the imposed fine, particularly after the dismissal of its bankruptcy proceedings. The CPPA’s unwavering enforcement actions against the company highlight the significance of upholding state privacy regulations and guaranteeing the adequate protection of personal data. This case also sheds light on the increasing authority of regulatory agencies in holding businesses accountable for data security incidents.
Overall, the actions taken by the CPPA serve as a clear message to data brokers and businesses that the protection of consumer data is a top priority, and any violations of privacy regulations will be met with consequences. As data breaches and privacy concerns continue to pose significant risks, regulatory agencies like the CPPA play a crucial role in upholding privacy standards and safeguarding sensitive information.