Court Rules

Privacy Enforcement Tracker

1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

1,285

Total Actions

14

Jurisdictions

$35.3B+

Total Fines Tracked

Access this data programmatically:MCP Server API Docs
JurisdictionAllHHSFTCCTCANJTXNYCPPAORFL
ViolationAllData BreachHealth DataSecurity FailureUnauthorized Data SharingNotice FailureConsent FailureChildren's DataOpt-Out FailureData Broker Non-ComplianceDark PatternsGeolocation DataStudent Data
IndustryAllTechnologyGamingEducation TechnologyHealthcareFinancial ServicesSocial MediaAdvertising TechnologyData BrokerTelecommunicationsMedia & Entertainment
RiskAllCriticalHighMediumLow
Showing 5 resultsClear all filters
FTCSettlement

Golden Sunrise Nutraceutical, Inc.(Golden Sunrise Nutraceutical)

The FTC distributed refunds to consumers who purchased deceptively marketed treatment plans from Golden Sunrise Nutraceutical. The company and its medical director were barred from making unsupported health claims about curing COVID-19, cancer, and Parkinson's disease after a court order in September 2025. Over $40,700 was sent to 578 consumers, with additional claims possible until May 2026.

MediumSecurity Failure

$103K

FTCConsent DecreeMultistate

Easy Healthcare Corporation(Easy Healthcare)

The FTC charged Easy Healthcare Corporation, operator of the Premom fertility app, with deceiving users by sharing their sensitive health data with third parties for advertising without consent and failing to notify breaches as required by the Health Breach Notification Rule. Under a proposed consent decree, the company will pay a $100,000 civil penalty, be barred from sharing health data for advertising, and must implement privacy and security measures.

MediumUnauthorized Data SharingConsent FailureNotice Failure

$100K

FTCConsent Decree

CafePress

The FTC finalized an order against CafePress for failing to secure consumer data and covering up a data breach. The company must implement comprehensive security measures, and its former owner must pay $500,000 in redress to victims.

MediumSecurity FailureData BreachBreach Notification Delay

$500K

FTCConsent Decree

Residual Pumpkin Entity, LLC and PlanetArt, LLC(CafePress)

The FTC took action against CafePress for failing to secure consumer data and covering up a major data breach. The company stored sensitive information insecurely and delayed notifying customers. As part of the settlement, Residual Pumpkin must pay $500,000 in redress, and both companies must implement comprehensive security programs.

MediumData BreachSecurity FailureNotice Failure

$500K

FTCSettlement

Residual Pumpkin Entity, LLC and PlanetArt, LLC(CafePress)

The FTC settled with CafePress's former owner Residual Pumpkin Entity, LLC and buyer PlanetArt, LLC over data security failures that led to a breach exposing Social Security numbers and other sensitive data. Residual Pumpkin paid $500,000 for victim compensation, and both companies must implement comprehensive security programs. A claims process is open for affected consumers until March 10, 2024.

MediumSecurity FailureData Breach

$500K

Explore Enforcement Data

By Jurisdiction

HHS Office for Civil Rights554 Federal Trade Commission109 Connecticut Attorney General101 California Attorney General55 New Jersey Attorney General50 Texas Attorney General39 New York Attorney General34 California Privacy Protection Agency19 Oregon Attorney General16 Florida Attorney General12 Massachusetts Attorney General6 Illinois Attorney General3 WA1 Virginia Attorney General1

By Violation Type

Data Breach619 Health Data615 Security Failure583 Unauthorized Data Sharing173 Notice Failure102 Consent Failure89 Children's Data69 Opt-Out Failure42 Data Broker Non-Compliance24 Dark Patterns20 Geolocation Data18 Student Data18

By Industry

TechnologyGamingEducation TechnologyHealthcareFinancial ServicesSocial MediaAdvertising TechnologyData BrokerTelecommunicationsMedia & EntertainmentGovernmentRetailInsuranceOther