Information newly made available under California law has shed light on data broker practices, including exactly what categories of information they trade in.
Any business that meets the definition of data broker must register with the California Privacy Protection Agency annually.
The CPPA defines data brokers as businesses that consumers don't directly interact with, but that buy and sell information about consumers from and to other businesses.
At the moment there are around 480 data brokers registered with the CPPA. However, that might be just the tip of the iceberg, because there are a host of smaller players active that try to keep a low profile.
There are 70 fewer data brokers listed than last year, but it is questionable whether they went out of business or just couldn't be bothered with all the regulations tied to being a listed data broker.
Four of these data brokers are active in all three of these categories: LexisNexis Risk Solutions, Harmon Research Group, Experian Marketing Solutions, and BDO USA, P.C., Global Corporate Intelligence group.
What is particularly disturbing is the traffic in the data of minors.
Children require special privacy protection since they're more vulnerable and less aware of the potential risks associated with data processing.
When it comes to children's data, the CCPA requires businesses to obtain opt-in consent to sell the data of a person under the age of 16.
Children between the ages of 13 and 16 can provide their own consent, but for children under the age of 13, businesses must obtain verifiable parental consent before collecting or selling their data.
Data brokers were under no obligation to disclose information about selling data belonging to minors until the Delete Act was signed into law on October 10, 2023.
The Delete Act is a Californian privacy law which provides consumers with the right to request the deletion of their personal information held by various data brokers subject to the law through a single request.
The next step forward would be if more states followed California's example.
So far only four states-California, Vermont, Oregon, and Texas-have enacted data broker registration laws.
The Children's Online Privacy Protection Act, which regulates children's privacy, does not currently prevent companies from selling data about children.
An update for the bill, that would enhance the protection of minors, is held up in Congress.
If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan.
SCAN NOW. We don't just report on threats - we help safeguard your entire digital identity.
Cybersecurity risks should never spread beyond a headline.
Protect your-and your family's-personal information by using Malwarebytes Identity Theft Protection.
This Cyber News was published on www.malwarebytes.com. Publication date: Mon, 11 Mar 2024 22:13:06 +0000