Court Rules

Privacy Enforcement Tracker

1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

1,285

Total Actions

14

Jurisdictions

$35.3B+

Total Fines Tracked

Access this data programmatically:MCP Server API Docs
JurisdictionAllHHSFTCCTCANJTXNYCPPAORFL
ViolationAllData BreachHealth DataSecurity FailureUnauthorized Data SharingNotice FailureConsent FailureChildren's DataOpt-Out FailureData Broker Non-ComplianceDark PatternsGeolocation DataStudent Data
IndustryAllTechnologyGamingEducation TechnologyHealthcareFinancial ServicesSocial MediaAdvertising TechnologyData BrokerTelecommunicationsMedia & Entertainment
RiskAllCriticalHighMediumLow
Showing 34 resultsClear all filters
FTCSettlement

Ascension Data & Analytics, LLC(Ascension Data & Analytics)

Ascension Data & Analytics, LLC, a mortgage analytics company, settled FTC allegations that it violated the Gramm-Leach-Bliley Act's Safeguards Rule by failing to ensure its vendor adequately protected consumer data. The vendor stored sensitive mortgage information in plain text on a cloud server, leading to unauthorized access. Ascension must implement a data security program, undergo biennial assessments, and report future breaches.

LowSecurity Failure
FTCConsent Decree

Midwest Recovery Systems(Midwest Recovery)

The FTC settled with Midwest Recovery Systems for engaging in 'debt parking,' where it placed inaccurate debts on consumers' credit reports to force payment. The company collected over $24 million from such debts. The settlement requires it to delete all reported debts, stop the practice, and pay a $24.3 million monetary judgment.

CriticalUnauthorized Data SharingHealth Data

$24.3M

CASettlement

Wells Fargo Bank(Wells Fargo)

Wells Fargo Bank recorded consumer phone calls without providing timely notice as required by California law, violating privacy statutes. The settlement imposes a $7.616 million civil penalty, requires compliance with disclosure standards, and mandates an internal compliance program to protect consumer privacy.

HighNotice Failure

$7.6M

CAEnforcement Action

Citibank, N.A.(Citibank)

In 2013, the California Attorney General filed a complaint against Citibank, N.A. alleging that the bank failed to implement adequate security measures and did not properly notify customers about a data breach exposing personal and financial information. The complaint asserts violations of California's data breach notification law.

LowSecurity FailureBreach Notification Delay

Explore Enforcement Data

By Jurisdiction

HHS Office for Civil Rights554 Federal Trade Commission109 Connecticut Attorney General101 California Attorney General55 New Jersey Attorney General50 Texas Attorney General39 New York Attorney General34 California Privacy Protection Agency19 Oregon Attorney General16 Florida Attorney General12 Massachusetts Attorney General6 Illinois Attorney General3 WA1 Virginia Attorney General1

By Violation Type

Data Breach619 Health Data615 Security Failure583 Unauthorized Data Sharing173 Notice Failure102 Consent Failure89 Children's Data69 Opt-Out Failure42 Data Broker Non-Compliance24 Dark Patterns20 Geolocation Data18 Student Data18

By Industry

TechnologyGamingEducation TechnologyHealthcareFinancial ServicesSocial MediaAdvertising TechnologyData BrokerTelecommunicationsMedia & EntertainmentGovernmentRetailInsuranceOther