California Attorney General Kamala D. Harris recently announced the creation of a new task force designed to enforce consumer privacy laws and to prosecute those companies - located both within and outside the state - that violate those laws. According to the July 18, 2012, statement from the Attorney General's Office, The Privacy Enforcement and Protection Unit will operate within the Department of Justice's eCrime Unit and will includes six prosecutors from the state's Department of Justice, who will investigate and prosecute entities alleged to have violated both state and federal privacy laws. Travis LeBlanc, California's Special Assistant Attorney General for Technology, will direct the law enforcement aspect of The Privacy Unit.
California has some of the strictest state privacy regulations in the United States and its constitution expressly provides a right to privacy. The Privacy Unit will enforce laws regulating how companies can the collect, store, use and destroy of the private or sensitive information of California citizens, including state and federal laws relating to consumer and on-line privacy, health care and financial information, identity theft, government records and data security breaches.
In statements to the media, LeBlanc has indicated that online and mobile privacy will be a particular focus of the state's enforcement actions. "In terms of enforcement, we have targeted our efforts in the mobile space," said LeBlanc. "We're seeing lots of privacy concerns there. Some people see it as the wild, wild West. We intend to start enforcing the California Online Privacy Act."
The creation of The Privacy Unit comes on the heels of the February announcement that the Attorney General Harris had reached an agreement with seven major companies in the online and mobile arena, ensuing that the companies would abide by California's Online Privacy Protection Act with respect to privacy policies in their mobile platforms and would enhance transparency in their privacy practices related to apps. The Privacy Unit reportedly will meet with these companies in August or September to evaluate their progress in implementing the agreement.
In statements to the media, LeBlanc also indicate that The Privacy Unit will scrutinize the privacy practices of companies that do business in California - regardless of whether they are located within or outside the state. "We are going to do outreach to companies, to make sure they know their obligations," he said. "And make sure that when there are violations of California privacy laws, we will enforce them."
Recent amendments to the state's data breach notification laws that went into effect in 2012 also require companies to report breaches to the Office of the Attorney General if personal information of more than 500 Californians is involved, and The Privacy Unit reportedly will produce annual reports identifying data breaches based on those notifications.
In addition to enforcement, The Privacy Unit will also focus on educating consumers and creating partnerships with industry and innovators. Joanne McNabb, formerly of the California Office of Privacy Protection, will serve as the Director of Privacy Education and Policy, and will oversee the Privacy Unit's education and outreach efforts.
For more information about the content of this alert, please contact Michael Thurman, Michael Mallow or Ieuan Jolly.
Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.