California bans Datamasters from reselling health data of millions

First reported

11.01.2026 17:23

Last updated

12.01.2026 18:00

2 unique sources, 2 articles

Summary

Hide ▲

The California Privacy Protection Agency (CalPrivacy) has fined and banned Datamasters, a Texas-based marketing firm, from selling personal and health data of millions of Californians. The company was found to be operating as an unregistered data broker, violating the California Delete Act. Datamasters resold sensitive health data, including information about medical conditions, age, race, political views, and financial activity, for targeted advertising. CalPrivacy imposed a $45,000 fine and ordered the company to delete all collected data by the end of December 2025. The actions align with the launch of the Delete Request and Opt-out Platform (DROP), which allows consumers to request deletion of their personal information from all registered data brokers in a single step.

Timeline

11.01.2026 17:23 2 articles · 2d ago

California bans Datamasters from reselling health data
The California Privacy Protection Agency (CalPrivacy) has fined and banned Datamasters, a Texas-based marketing firm, from selling personal and health data of millions of Californians. The company was found to be operating as an unregistered data broker, violating the California Delete Act. Datamasters resold sensitive health data, including information about medical conditions, age, race, political views, and financial activity, for targeted advertising. CalPrivacy imposed a $45,000 fine and ordered the company to delete all collected data by the end of December 2025. The actions align with the launch of the Delete Request and Opt-out Platform (DROP), which allows consumers to request deletion of their personal information from all registered data brokers in a single step.
Show sources

California bans data broker reselling health data of millions — www.bleepingcomputer.com — 11.01.2026 17:23

California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00
Open in new tab

Information Snippets

Datamasters was fined $45,000 for failing to register as a data broker under the California Delete Act.
First reported: 11.01.2026 17:23

2 sources, 2 articles
Show sources
- California bans data broker reselling health data of millions — www.bleepingcomputer.com — 11.01.2026 17:23
- California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00
The company resold health data of millions, including information about medical conditions like Alzheimer’s, drug addiction, and bladder incontinence.
First reported: 11.01.2026 17:23

2 sources, 2 articles
Show sources
- California bans data broker reselling health data of millions — www.bleepingcomputer.com — 11.01.2026 17:23
- California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00
Datamasters also sold lists based on age, race, political views, grocery purchases, banking activity, and health-related purchases.
First reported: 11.01.2026 17:23

2 sources, 2 articles
Show sources
- California bans data broker reselling health data of millions — www.bleepingcomputer.com — 11.01.2026 17:23
- California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00
The collected data included names, email addresses, physical addresses, and phone numbers of hundreds of millions of records.
First reported: 11.01.2026 17:23

2 sources, 2 articles
Show sources
- California bans data broker reselling health data of millions — www.bleepingcomputer.com — 11.01.2026 17:23
- California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00
CalPrivacy ordered Datamasters to delete all previously purchased Californians' personal information by the end of December 2025.
First reported: 11.01.2026 17:23

2 sources, 2 articles
Show sources
- California bans data broker reselling health data of millions — www.bleepingcomputer.com — 11.01.2026 17:23
- California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00
Datamasters must delete any future data belonging to Californians within 24 hours of receiving it.
First reported: 11.01.2026 17:23

2 sources, 2 articles
Show sources
- California bans data broker reselling health data of millions — www.bleepingcomputer.com — 11.01.2026 17:23
- California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00
The company must maintain compliance measures for the next five years and submit a report of its privacy practices one year later.
First reported: 11.01.2026 17:23

1 source, 1 article
Show sources
- California bans data broker reselling health data of millions — www.bleepingcomputer.com — 11.01.2026 17:23
CalPrivacy also fined S&P Global Inc. $62,600 for failing to register as a data broker by the January 31st, 2025 deadline, due to an administrative error.
First reported: 11.01.2026 17:23

2 sources, 2 articles
Show sources
- California bans data broker reselling health data of millions — www.bleepingcomputer.com — 11.01.2026 17:23
- California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00
The California Privacy Protection Agency (CPPA) warned that information linked to medical conditions and personal behavior can pose serious risks when circulated for commercial gain.
First reported: 12.01.2026 18:00

1 source, 1 article
Show sources
- California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00
The actions align with the launch of the Delete Request and Opt-out Platform (DROP), which allows consumers to request deletion of their personal information from all registered data brokers in a single step.
First reported: 12.01.2026 18:00

1 source, 1 article
Show sources
- California Shuts Down Health Data Resales By Unregistered Brokers — www.infosecurity-magazine.com — 12.01.2026 18:00

Similar Happenings

Noncompliance with CCPA by Data Brokers

A study from the University of California, Irvine, reveals that half of data brokers in California are not complying with the California Consumer Privacy Act (CCPA). These brokers often fail to respond to consumer requests to access or delete personally identifiable information (PII) within the required 45-day timeframe. This noncompliance poses significant privacy risks, as the personal data in these databases can be compromised despite anonymization efforts. The study found that only 42% of data brokers responded to verifiable consumer requests (VCRs) made via phone or email, while 71% responded to form-based VCRs. The lack of compliance is attributed to the complexity of the regulations and the learning curve associated with implementing them. The study also highlights the paradoxical nature of verifying PII with data brokers, as consumers must provide PII to determine if a broker holds their data. However, the CCPA includes provisions to prevent the storage and use of this validating data after the query.

Open in new tab