Last week, the California Privacy Protection Agency (CPPA) announced settlements with two data brokers, Growbots, Inc. and UpLead LLC, for failure to register and pay the fees required of a data broker under the California Delete Act.

Growbots is a software company that provides an outbound sales platform to help users find, engage with, and connect with potential customers. UpLead is a business-to-business data provider that offers a platform for businesses to access and find accurate contact information for potential customers.

The Delete Act requires data brokers to register with the CPPA and pay an annual fee to fund the California Data Broker Registry. Data brokers can face fines of $200 per day for failing to register by the deadline. Each company has agreed to pay fines: Growbots will pay $35,400 and UpLead will pay $34,400. Each company has also agreed to pay the CPPA’s legal costs which were incurred between February and July 2024.

The registration fees will be used to develop the Data Broker Requests and Opt-Out Platform (DROP), which is set to be the first deletion mechanism that will allow consumers to request deletion from all data brokers with one single web form request. The CPPA anticipates that DROP will be available in 2026 in the CPPA’s website. These settlements, along with the newly adopted regulations for data brokers under the Delete Act, indicate that the CPPA will continue to focus its efforts on the privacy practices (and privacy pitfalls) of data brokers.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.