California Attorney General Kamala Harris announced two major initiatives this year that indicate the California Department of Justice is likely going to increase the enforcement of both state and federal privacy and data security law breaches against app developers and owners.
Mobile and Social App Platform Providers Industry Agreement
In February 2012, Attorney General Harris brokered a Joint Statement of Principles (the “Joint Statement”) with six large, mobile and social platform providers (Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research in Motion) to increase privacy protections for consumers. Facebook also signed the Joint Statement in June 2012 (all seven companies, collectively, the “Platform Providers”). The purpose of the Joint Statement is to strengthen privacy protections for consumers who use apps on their mobile phones, tablets and other devices.
California Department of Justice – Privacy Enforcement and Protection Unit
On July 19, Attorney General Harris announced the creation of the Privacy Enforcement and Protection Unit (“Privacy Protection Unit”) that will increase enforcement of privacy law breaches and educate consumers on privacy issues. The Privacy Protection Unit will be a division of the eCrime Unit (which Attorney General Harris established in 2011 to prosecute identity theft, data intrusions and other crimes involving technology), and it will be staffed with Department of Justice employees, including six prosecutors who will focus solely on (1) policing companies and individuals’ privacy practices; and (2) prosecuting violations of both California and federal privacy laws including without limitation, laws relating to (a) cyber privacy, (b) health privacy, (c) financial privacy, (d) the collection, retention, disclosure and destruction of personal or sensitive information and (e) data breaches.
Enforcement Actions Against App Developers and Owners
Tips for Complying With State and Federal Privacy and Data Security Laws
4. Implement a company-wide data security program that reflects best practices in your industry, and if you suspect there might have been a data security breach, immediately call your attorney to discuss next steps.