As noted in the non-compliance notice letters, the potential cost to mobile application developers of not meeting the CalOPPA requirements can be substantial. Violations of CalOPPA may result in penalties of up to $2,500 per violation which, for mobile applications, means up to $2,500 for each copy of the non-compliant application that is downloaded by California consumers. Since Attorney General Harris has started by targeting the most popular non-compliant applications, including, reportedly, the mobile applications of Delta Airlines, United Continental Holdings and OpenTable , the penalties assessed could potentially be substantial.
An additional noteworthy aspect of the non-compliance notice letters is that they are sent on behalf of Attorney General Harris by Adam Miller, Supervising Deputy Attorney General of the newly-created Privacy Enforcement and Protection Unit. The Privacy Enforcement and Protection Unit was established earlier this year and granted authority to enforce state and federal privacy laws and regulations. The non-compliance notices confirm speculation made at the time of the Privacy Unit’s establishment that the application of CalOPPA to mobile applications would reside high on the list of the Unit’s priorities.
All indications from the Attorney General’s office suggest that this is merely the beginning of a prolonged campaign. In other words, now is the time for mobile application developers to ensure that applications meet the requirements of California state law, before the 30 day clock is ticking for you. If you need assistance, or have questions, the Mintz Privacy and Security team is here to help.