Privacy officials in California have charged the Texas-based company Datamasters, which allegedly sold health data, with violating a state privacy law by failing to register as a
data broker.
Datamasters setttled the matter by agreeing to pay $45,000, delete all California residents' personal information that it had purchased, and stop selling
Californians' personal information.
The California Privacy Protection Agency accepted the settlement on December 30.
The agency's order, unveiled Thursday, includes allegations that Datamasters purchased and sold a host of health data -- including
addresses, phone numbers, and email addresses of people with conditions such as Alzheimer's disease, drug addiction and incontinence -- in order to facilitate targeted advertising.
In addition to health information, Datamasters also allegedly offered marketing lists based on data such as ethnicity, age, purchase behavior, political views and investment
activity.
advertisement
advertisement
“In the wrong hands, these lists could be used to target people for more than just advertising,” Michael Macko, the agency's head of
enforcement, stated. "The same risks apply to selling lists of seniors, people who identify as conservative or liberal, or
people who purchase sensitive health products. History teaches us that certain types of lists can be dangerous.”
Califorina's Delete Act, passed in 2023, requires data brokers to register each year with the California Privacy Protection Agency. Another
provision, slated to take effect this year, will enable California residents to remove their information from all data brokers in the state, via a single opt-out mechanism.
The
order says Datamasters attempted to comply with the state's privacy laws, but "the company's efforts were imperfect."
"Datamasters lacked sufficient written policies and
procedures to ensure compliance with the Delete Act," the order states.