CalPrivacy followed up on its threat from last year to focus on data brokers. This month it settled with Rickenbacher Data LLC for failure to register as a data broker. The company is a Texas-based company that operates as Datamasters, and – according to CalPrivacy – buys and resells personal information to facilitate targeted advertising.
The stipulated order indicated that the company bought and sold lists that disclosed health conditions like Alzheimer's and drug addiction. Lists were promoted based on sensitive classes. The website promoted, for example, a "senior list" and a "Hispanic list." The Board emphasized that these activities took place in 2024 without the proper registration required under California law. After being contacted by CaPrivacy, the company registered as a data broker -but denied that it was a data broker as it did not sell Californians' personal information (although it did receive it).
CalPrivacy found that although Datamasters tried to fall outside of California's law by scrubbing out Californian's information, the process in which it did that was "imperfect." The agency concluded that the company was subject to – and had violated – California's Delete Act. It imposed a $45,000 fine, and the company agreed not to sell Californian's personal information. The company also agreed to put in place sufficient policies and procedures in place to ensure that any Californians' information that it does receive is deleted.
Putting it into Practice: For data brokers looking to avoid being subject to the Delete Act, this case is a cautionary tale. It demonstrates not only the focus California has on data broker activity -and the need to register- but also the steps it expects companies to take to remove Californians' information from their databases should they be trying to stay outside of the laws' requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]
