Federal and state enforcement actions involving data broker non-compliance violations, tracked from official government sources.
29
Total Actions
$2.8B
Total Fines
5
Jurisdictions
The Federal Trade Commission (FTC) sent warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans’ Data from Foreign Adversaries Act (PADFAA). PADFAA prohibits data brokers from selling or providing sensitive personal data about Americans to foreign adversaries such as China, Russia, Iran, and North Korea. The letters warn that violations could result in civil penalties of up to $53,088 per violation and urge companies to review their business practices for compliance.
Datamasters, a data broker, failed to register with the California Data Broker Registry as required by the Delete Act. The company sold sensitive personal information including health conditions, age, race, and political views. As a result, it must pay a $45,000 fine and cease all sales of Californians' personal information.
$45K
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The Nevada-based marketing firm must pay the fine and past-due fees. This action is part of CalPrivacy's enforcement against unregistered data brokers.
$57K
CalPrivacy issued Enforcement Advisory No. 2025-01 to remind data brokers of their annual registration obligations under California's Delete Act, including disclosing all trade names and websites and registering independently rather than through a parent company. The advisory warns that failures to comply may result in administrative fines of $200 per day, plus fees and recovery costs. It also highlights the upcoming Delete Request and Opt-Out Platform (DROP) launching January 1, 2026.
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The marketing firm sold custom audience lists built from consumer data without registration, highlighting that businesses collecting and selling personal information must comply with data broker requirements.
$57K
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers under the CCPA and Delete Act. The strike force will focus on compliance with registration requirements and other obligations, building on previous enforcement actions to increase accountability.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers. The strike force will focus on compliance with the Delete Act's registration requirement and the CCPA, building on previous enforcement actions. This initiative aims to hold data brokers accountable and protect Californians' personal information.
The California Privacy Protection Agency (CPPA) ordered Accurate Append, Inc. to pay a $55,400 fine for failing to register as a data broker under the Delete Act by the January 31, 2024 deadline. The company registered only after being contacted during an enforcement sweep and agreed to injunctive terms, including paying attorney fees for future non-compliance.
$55K
Texas Attorney General Ken Paxton announced a comprehensive privacy enforcement initiative, achieving record settlements with Meta ($1.4B) and Google ($1.375B) for biometric and geolocation data violations, suing General Motors and TikTok, and investigating numerous companies for children's data and AI practices. The AG's office has enforced multiple Texas privacy laws and registered over 200 data brokers.
$2.8B
The California Privacy Protection Agency ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under the Delete Act. The order was issued by default after the company did not contest the allegations, highlighting CPPA's enforcement of data broker registration requirements.
$46K
The California Privacy Protection Agency (CPPA) ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under California's Delete Act. The order was issued by default after the company did not contest the allegations. This enforcement action highlights the CPPA's efforts to ensure data broker compliance with registration laws.
$46K
The California Privacy Protection Agency settled with data broker Background Alert, Inc. for failing to register and pay fees under the Delete Act. The company must shut down its operations through 2028 or face a $50,000 fine. This action is part of a broader enforcement sweep against non-compliant data brokers.
The California Privacy Protection Agency (CPPA) filed an administrative action against National Public Data, a Florida-based data broker, for failing to register and pay the required annual fee under California's Delete Act. The agency is seeking a $46,000 fine for the violation, which occurred 230 days late, as part of an enforcement sweep targeting non-compliant data brokers.
$46K
The California Privacy Protection Agency (CPPA) filed an administrative action against Jerico Pictures, Inc., doing business as National Public Data, for failing to register and pay the required annual fee under the California Delete Act. The action seeks a $46,000 fine for the company's 230-day late registration, as part of CPPA's enforcement sweep against data brokers.
$46K
New York Attorney General Letitia James announced a settlement with Equifax Information Services, LLC for inaccurately reporting credit scores to lenders due to a coding error, which lowered consumers' scores and inflated costs for loans and insurance between March and April 2022. Equifax will pay $725,000 and implement safeguards to prevent future errors, with restitution for affected consumers.
$725K
Texas Attorney General Ken Paxton filed a lawsuit against Allstate and its subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million consumers without consent. The data, which includes precise geolocation information, was used to justify insurance premium increases. This action alleges violations of the Texas Data Privacy and Security Act (TDPSA).
The California Privacy Protection Agency (CPPA) settled with two data brokers, Infillion and The Data Group, for failing to register and pay annual fees as required by the Delete Act. Infillion paid $54,200 and The Data Group paid $46,600, and both agreed to injunctive terms. This is part of a broader enforcement effort against non-compliant data brokers.
$101K
The California Privacy Protection Agency (CPPA) settled with two data brokers, PayDae, Inc. (Infillion) and The Data Group, LLC, for failing to register as required by Senate Bill 362 (the Delete Act). Infillion paid $54,200 and The Data Group paid $46,600, and both agreed to injunctive terms to ensure future compliance with registration requirements.
The California Privacy Protection Agency (CPPA) settled with data brokers Growbots, Inc. and UpLead LLC for failing to register and pay annual fees under the California Delete Act. Growbots paid $35,400 and UpLead paid $34,400, and both agreed to injunctive terms including payment of attorney fees for non-compliance. This action enforces the Delete Act's requirements for data broker transparency and consumer privacy.
$70K
The California Privacy Protection Agency (CPPA) announced an investigative sweep to enforce data broker registration compliance under the Delete Act. Data brokers must register annually and pay fees, with penalties of $200 per day for non-compliance. The CPPA will take enforcement actions against unregistered data brokers and is developing a consumer deletion platform (DROP) for 2026.
Texas Attorney General Ken Paxton issued warning letters to over 100 data brokers for failing to register with the Texas Secretary of State as required by the Texas Data Broker Law. The law, which took effect March 1, 2024, mandates that data brokers register and implement data protection safeguards. This enforcement action is part of a new initiative to protect Texans' privacy.
Texas Attorney General Ken Paxton sent notification letters to over 100 companies for failing to register as data brokers under Texas Business and Commerce Code Chapter 509, which requires registration by March 1, 2024, and implementation of data safeguards. This action is part of an initiative to enforce privacy laws and protect consumer data.
The FTC finalized an order against data broker X-Mode and its successor Outlogic for selling precise location data that could track visits to sensitive locations like medical clinics and places of worship. The order bans them from sharing or selling sensitive location data and requires them to delete collected data, implement privacy programs, and ensure downstream compliance.
The California Privacy Protection Agency settled with data broker Key Marketing Advantage, LLC for failing to register and pay fees under the Delete Act. KMA will pay $55,800 and agree to injunctive terms. This is the fifth enforcement action in a sweep against unregistered data brokers.
$56K
The California Privacy Protection Agency (CPPA) settled with data broker Key Marketing Advantage, LLC for failing to register and pay fees under the Delete Act. KMA will pay $55,800 and comply with injunctive terms, including covering attorney fees for non-compliance. This is the fifth enforcement action in CPPA's sweep against unregistered data brokers.
$56K
The FTC and CFPB settled with Trans Union LLC and its subsidiary for violating the Fair Credit Reporting Act by including inaccurate and incomplete eviction records in tenant screening reports, harming consumers' ability to obtain housing. The settlement requires Trans Union to pay $15 million, with $11 million for consumer compensation and $4 million as a civil penalty, and to implement measures to ensure report accuracy and disclose data sources.
$15.0M
The FTC settled with background report providers TruthFinder and Instant Checkmate, charging they deceived consumers about the accuracy of their reports (often mischaracterizing traffic tickets as criminal records) and violated the Fair Credit Reporting Act (FCRA) by operating as consumer reporting agencies without following its requirements, including ensuring accuracy and limiting permissible purposes. The companies will pay a $5.8 million penalty and implement a comprehensive FCRA compliance monitoring program.
$5.8M
The FTC and DOJ settled with MyLife.com, Inc. and its CEO for deceiving consumers with misleading background reports that falsely implied criminal records and for engaging in difficult-to-cancel subscription practices. MyLife violated the Fair Credit Reporting Act, Restore Online Shoppers’ Confidence Act, and Telemarketing Sales Rule. The settlement includes a permanent ban on negative option marketing, $33.9 million in judgments for consumer refunds, and a monitoring program.
$33.9M
AppFolio, Inc., a tenant background report provider, settled with the FTC for $4.25 million over allegations it violated the Fair Credit Reporting Act by failing to implement reasonable procedures to ensure the accuracy of its screening reports and by including eviction and non-conviction criminal records older than seven years. The settlement prohibits including old records and requires maintaining accuracy procedures.
$4.3M