California Seeks $46,000 Fine Against National Public Data for Registry Non-Compliance

The California Privacy Protection Agency (CPPA) is pursuing a $46,000 fine against National Public Data, a Florida-based data broker, for failing to register under the state's data broker law, following a significant data breach where 2.9 billion records, including Social Security numbers, were compromised. National Public Data registered 230 days late, only after an investigation by the CPPA, which is now seeking legal enforcement of the fine as part of its sixth action against data brokers. The agency's enforcement efforts stem from the Delete Act, which mandates data brokers to be listed on a state registry by January 31, 2024, or face daily fines. The CPPA's action follows a rejected bankruptcy petition by National Public Data, which left it vulnerable to legal repercussions. Michael Macko, head of the CPPA's enforcement division, emphasized the agency's commitment to pursuing violations in the data broker industry. This initiative also supports the development of a deletion mechanism intended to allow consumers to request the removal of their personal information from data brokers in 2026.