The Federal Trade Commission sent letters to 13 data brokers warning them of their responsibility to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (PADFAA).
PADFAA prohibits data brokers from selling, releasing, disclosing, or providing access to personally identifiable sensitive data about Americans to any foreign adversary, which include North Korea, China, Russia, and Iran, or any entity controlled by those countries. The law defines personally identifiable sensitive data to include health, financial, genetic, biometric, geolocation, and sexual behavior information as well as account or device log-in credentials and government-issued identifiers such as Social Security, passport, or driver’s license numbers.
“The FTC is committed to enforcing PADFAA and ensuring companies are complying with its requirements,” said Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection. “These letters should send a message to all data brokers to be aware of the law’s requirements and ensure they are not engaging in practices that violate it.”
The letters note that the agency has identified instances in which some of the letter’s recipients have “offered solutions and insights involving the status of an individual as a member of the Armed Forces. Such information is subject to PADFAA’s requirements.”
The letters warn the companies to conduct a comprehensive review of their business practices to ensure they comply with PADFAA, adding that a violation of the act may result in an enforcement action by the FTC, which could include civil penalties of up to $53,088 per violation.
The lead staffers on this matter include Katherine McCarron and Bhavna Changrani with the FTC’s Bureau of Consumer Protection.