
California privacy agency issues two actions for non-compliance

May 16, 2025

On May 8, the California Privacy Protection Agency (CPPA) ordered a Florida-based data broker to pay a $46,000 fine for failing to register and pay an annual fee as required by the Delete Act. The CPPA noted that the enforcement action followed a security breach of the data broker last year that exposed 2.9 billion records, including names and Social Security numbers. As previously covered by InfoBytes, that enforcement action was initiated after the broker registered 230 days late, and only after an investigation was underway.

On May 6, the CPPA also reported that it ordered a national clothing retailer to pay a $345,178 fine and overhaul its privacy practices following allegations of violating the California Consumer Privacy Act. The agency’s enforcement division claimed the retailer failed to properly manage its privacy portal, delayed processing consumer opt-out requests, and collected excessive information from consumers asserting their privacy rights.

The agency noted these activities followed enforcement actions brought against unregistered data brokers last year and an investigative sweep of data broker compliance with the Delete Act.