CPPA Takes Action Against National Public Data for Non-Compliance

On February 20, 2025, the enforcement division of the California Privacy Protection Agency (CPPA) took action against National Public Data, not for the data breach of 2.9 billion records, but for its failure to register as a data broker in California. This action underscores the importance of regulatory compliance, even in the absence of data breaches. The broader implications include the necessity for businesses to comply with local data protection laws, regardless of their size or industry. Security professionals must ensure that their organizations meet all legal requirements to avoid potential penalties.