The California Privacy Protection Agency (CalPrivacy) has fined Datamasters, a marketing firm, $45,000 for selling health and personal data of millions without proper registration as a data broker. Under California law, businesses must register their data brokerage activities by January 31 each year. Datamasters' violations were significant enough that the agency has now barred the company from selling personal information of Californians. The data sold included sensitive information about individuals with medical conditions, along with demographic details like age and perceived race. CalPrivacy's final order revealed that Datamasters resold extensive lists for targeted advertising, including categories based on political views and shopping habits. Despite claiming it did not conduct business in California, the company later admitted to managing Californians' data when confronted with evidence. The firm was also directed to delete all previously acquired personal information of California residents by the end of December and must remove any new data received within 24 hours. In a separate case, S&P Global faced a $62,600 fine for failing to register as a data broker for 2024 due to an administrative error. The agency noted that S&P Global acted quickly to correct its registration status, but it remained unregistered for 313 days. CalPrivacy's actions highlight the state's commitment to enforcing data privacy regulations and holding companies accountable for compliance.