Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Broker. Show all posts
leaked sensitive data
California Customer Data Data Breach Data Broker Data Privacy data privacy regulations data security leaked sensitive data

California Privacy Regulator Fines Datamasters for Selling Sensitive Consumer Data Without Registration

 

The California Privacy Protection Agency (CalPrivacy) has taken enforcement action against Datamasters, a marketing firm operated by Rickenbacher Data LLC, for unlawfully selling sensitive personal and health-related data without registering as a data broker. The Texas-based company was found to have bought and resold information belonging to millions of individuals, including Californians, in violation of the California Delete Act. 

Under the Delete Act, companies engaged in buying or selling consumer data are required to register annually as data brokers by January 31. Beginning in 2026, the law will also enable consumers to use a centralized online tool known as the Delete Request and Opt-out Platform (DROP), which allows individuals to request the deletion of their personal information from all registered data brokers at once. 

CalPrivacy imposed a $45,000 fine on Datamasters for failing to register within the required timeframe. Due to the seriousness and continued nature of the violations, the agency also prohibited the company from selling personal information related to Californians. According to the regulator’s final order, Datamasters continued operating as an unregistered data broker despite repeated efforts by the agency to bring it into compliance. 

The investigation found that Datamasters purchased and resold data linked to people with specific medical conditions, including Alzheimer’s disease, drug addiction, and bladder incontinence, primarily for targeted advertising purposes. In addition to health data, the company traded consumer lists categorized by age and perceived race, marketing products such as “Senior Lists” and “Hispanic Lists.” The datasets also included information tied to political views, grocery shopping behavior, banking activity, and health-related purchases.  

The scope of the data involved was extensive, reportedly consisting of hundreds of millions of records containing names, email addresses, physical addresses, and phone numbers. CalPrivacy identified the nature and scale of the data processing as a significant risk to consumer privacy, particularly given the sensitive characteristics associated with many of the records. 

An aggravating factor in the case was Datamasters’ response to regulatory scrutiny. The company initially claimed it did not conduct business in California or handle data belonging to Californians. When confronted with evidence to the contrary, it later acknowledged processing such data and asserted that it manually screened datasets, a claim regulators found unconvincing. The agency noted that Datamasters resisted compliance efforts while continuing its data brokerage activities. 

As part of the enforcement order, signed on December 12, Datamasters was instructed to delete all previously acquired personal information related to Californians by the end of December. The company must also delete any California-related data it may receive in the future within 24 hours. Additionally, Datamasters is required to maintain compliance safeguards for five years and submit a report detailing its privacy practices after one year. 

In a separate action, CalPrivacy fined S&P Global Inc. $62,600 for failing to register as a data broker for 2024 by the January 31, 2025 deadline. The agency noted that the lapse, which lasted 313 days, was due to an administrative error and that the company acted promptly to correct the issue once identified.
Read more »
Privacy
Data Broker Data Laws Data Leak data security Privacy

Data in Danger: Analyzing the Alleged Data Broker Breach

Data in Danger: Analyzing the Alleged Data Broker Breach

The protection of personal data is of utmost importance. A recent report has brought to public attention an alleged significant data breach involving a U.S. data broker. This incident, which purportedly affects billions of records and over 300 million people, could rank as one of the most substantial data breaches reported this year.

The Alleged Breach: Scope and Impact

Since April, a hacker with a history of selling stolen data has claimed a data breach of billions of records affecting at least 300 million people from a US data broker, making it one of the year's greatest reported data breaches. 

The data in question, while seemingly authentic to some degree, also exhibits inconsistencies. This ambiguity raises concerns about the integrity of the stolen data. More alarmingly, such information is often accessible through data brokers—companies that accumulate and sell personal data.

Data Brokers: A Privacy Dilemma

Data brokers compile extensive profiles that encompass individuals’ names, addresses, and Social Security numbers, among other personal details. These profiles are then marketed to various entities for purposes ranging from advertising to more dubious activities.

Regulatory Challenges and Data Broker Practices

The potential breach underscores the critical need for more rigorous regulation of data brokers. The current lack of transparency and accountability in their practices presents a considerable threat to privacy and security.

Cybersecurity: A Defensive Imperative

This situation also highlights the essential role of cybersecurity. Organizations must strengthen their defenses to protect sensitive data as cyber threats evolve. Effective measures include deploying advanced encryption technologies, conducting regular security assessments, and training staff on cybersecurity awareness.

Personal Vigilance in Data Sharing

Individuals must also exercise caution with their personal information. It is vital to review the privacy policies of companies and platforms before divulging any personal details. Utilizing services like credit monitoring and identity theft protection can offer additional security layers.

Legislative Response to Data Privacy

The discourse on personal data privacy is becoming increasingly relevant as we delve deeper into the information era. Legislative bodies must establish guidelines promoting ethical data usage and robust protections against such invasive breaches.

Read more »
Subscribe to: Comments (Atom)