CPPA Orders Florida Data Broker to Pay Fine

News:

SACRAMENTO, CA — The California Privacy Protection Agency (CPPA) Board has ordered Jerico Pictures, Inc., d/b/a National Public Data, a Florida-based data broker, to pay a $46,000 fine for failing to register and pay an annual fee as required by the Delete Act. The fine represents the maximum penalty available under the law for the company's failure to register.

National Public Data made headlines last year after a data breach at the company reportedly exposed 2.9 billion records, including names and Social Security numbers. In February 2025, the Enforcement Division filed an administrative action seeking to recover the maximum available fine for the company's failure to register, separate from the data breach. The Enforcement Division alleged that National Public Data registered on September 18, 2024 – or 230 days late – and did so only after the Enforcement Division had contacted the company during an investigation.

The Agency's Board issued the order by default after National Public Data failed to challenge these allegations. The order brings to a successful close the Enforcement Division's administrative action.

The case arises from California's Delete Act, which requires data brokers to register and pay an annual fee that funds the California Data Broker Registry.

“Although this case arose under the Delete Act rather than under California's comprehensive consumer privacy law, the takeaway is the same: we will litigate and bring enforcement actions when businesses violate California's privacy laws,” said Michael Macko, the Agency's head of enforcement.

Fees from the Data Broker Registry fund the development of a first-of-its-kind deletion mechanism, called the Delete Request and Opt-Out Platform (DROP), that will allow consumers to direct all data brokers to delete their personal information in a single request. DROP will be available to consumers in 2026.

The CPPA's Recent Enforcement Actions to Protect Californians

The CPPA is actively enforcing California's cutting-edge privacy laws. Recent actions include:

  • Issuing a decision requiring a nationwide clothing retailer, Todd Snyder, Inc., to change its business practices and pay a $345,178 fine for CCPA violations.
  • Issuing a decision requiring American Honda Motor Co. to change its business practices and pay a $632,500 fine for CCPA violations – the second-highest fine in the law's history.
  • Securing a settlement agreement requiring data broker Background Alert – which promoted its ability to dig up “scary” amounts of information about people – to shut down or pay a steep fine.
  • Bringing an enforcement action against National Public Data, Inc., the Florida-based data broker responsible for a data breach that exposed millions of Americans' Social Security numbers and personal information.
  • Launching the bipartisan Consortium of Privacy Regulators to collaborate with states across the country to implement and enforce privacy laws nationwide.
  • Partnering with the data protection authorities in Korea, France, and the United Kingdom to share information and advance privacy protections for Californians.

These activities followed nearly a half-dozen enforcement actions brought against unregistered data brokers late last year, and an investigative sweep of data broker compliance with the Delete Act.

About Us

The California Privacy Protection Agency is committed to promoting the education and awareness of consumers' privacy rights and businesses' responsibilities under the California Consumer Privacy Act.

Californians can visit privacy.ca.gov to access helpful and up–to–date information on how to exercise their rights and protect their personal information. In addition, the Agency's website provides important information about CPPA board meetings, announcements, and the rulemaking process.