Privacy Enforcement Tracker

1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

1,338

Total Actions

Jurisdictions

$50.6B+

Total Fines Tracked

Access this data programmatically:MCP Server API Docs

CASeptember 8, 2023Settlement

Kaiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals (collectively Kaiser)

California Attorney General Rob Bonta, alongside six county district attorneys, announced a $49 million settlement with Kaiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals resolving allegations of unlawful disposal of hazardous waste, medical waste, and protected health information at Kaiser’s California facilities. Undercover inspections of 16 Kaiser facilities found hundreds of hazardous and medical waste items, plus over 10,000 paper records containing personal information of more than 7,700 patients in unsecured, publicly accessible dumpsters. The settlement requires Kaiser to pay $49 million total, implement enhanced compliance measures, and retain an independent auditor for five years to conduct regular waste and programmatic compliance audits.

CriticalHealth DataSecurity FailureData Breach

$49.0M

CAJuly 22, 2019SettlementMultistate

Equifax

California Attorney General Xavier Becerra, leading a multistate coalition of all 50 states, the District of Columbia, and Puerto Rico, announced a settlement with Equifax over a 2017 data breach that exposed personal information of 147 million consumers, including 15 million Californians. The breach resulted from Equifax’s failure to apply a critical software patch and implement adequate security measures, with disclosure delayed for months after discovery. Equifax will pay $175 million in state penalties, up to $425 million in consumer restitution, and implement enhanced data security measures and ten years of free credit monitoring for affected consumers.

CriticalData BreachSecurity FailureBreach Notification Delay

$175.0M

CASeptember 26, 2018SettlementMultistate

Uber Technologies, Inc.(Uber)

Uber Technologies, Inc. settled for $148 million over a 2016 data breach that exposed 57 million users' personal information. The company was accused of covering up the breach by paying hackers and failing to notify authorities or affected drivers as required by law. The settlement includes a large penalty and mandates robust data security practices, privacy-by-design integration, and regular reporting to prevent future incidents.

CriticalData BreachNotice FailureSecurity Failure

$148.0M

CAMay 23, 2017SettlementMultistate

Target

Target settled a multi-state enforcement action for a 2013 data breach that exposed payment card information of over 40 million customers due to inadequate security. The $18.5 million settlement requires Target to implement advanced security measures, and California receives over $1.4 million.

CriticalData BreachSecurity Failure

$18.5M