California Attorney General Kamala D. Harris recently announced
the creation of a new task force designed to enforce consumer
privacy laws and to prosecute those companies - located both within
and outside the state - that violate those laws. According to the
July 18, 2012, statement from the Attorney
General's Office, The Privacy Enforcement and Protection Unit
will operate within the Department of Justice's eCrime Unit and
will includes six prosecutors from the state's Department of
Justice, who will investigate and prosecute entities alleged to
have violated both state and federal privacy laws. Travis LeBlanc,
California's Special Assistant Attorney General for Technology,
will direct the law enforcement aspect of The Privacy Unit.
California has some of the strictest state privacy regulations
in the United States and its constitution expressly provides a
right to privacy. The Privacy Unit will enforce laws regulating how
companies can the collect, store, use and destroy of the private or
sensitive information of California citizens, including state and
federal laws relating to consumer and on-line privacy, health care
and financial information, identity theft, government records and
data security breaches.
In statements to the media, LeBlanc has indicated that online
and mobile privacy will be a particular focus of the state's
enforcement actions. "In terms of enforcement, we have
targeted our efforts in the mobile space," said LeBlanc.
"We're seeing lots of privacy concerns there. Some people
see it as the wild, wild West. We intend to start enforcing the
California Online Privacy Act."
The creation of The Privacy Unit comes on the heels of the
February announcement that the Attorney General Harris had reached
an agreement with seven major companies in the online and mobile
arena, ensuing that the companies would abide by California's
Online Privacy Protection Act with respect to privacy policies in
their mobile platforms and would enhance transparency in their
privacy practices related to apps. The Privacy Unit reportedly will
meet with these companies in August or September to evaluate their
progress in implementing the agreement.
In statements to the media, LeBlanc also indicate that The
Privacy Unit will scrutinize the privacy practices of companies
that do business in California - regardless of whether they are
located within or outside the state. "We are going to do
outreach to companies, to make sure they know their
obligations," he said. "And make sure that when there are
violations of California privacy laws, we will enforce
Recent amendments to the state's data breach notification
laws that went into effect in 2012 also require companies to report
breaches to the Office of the Attorney General if personal
information of more than 500 Californians is involved, and The
Privacy Unit reportedly will produce annual reports identifying
data breaches based on those notifications.
In addition to enforcement, The Privacy Unit will also focus on
educating consumers and creating partnerships with industry and
innovators. Joanne McNabb, formerly of the California Office of
Privacy Protection, will serve as the Director of Privacy Education
and Policy, and will oversee the Privacy Unit's education and
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The 2010 theft of an unencrypted laptop containing confidential health care information made front-page news in 2013, not because a huge number of patients were affected, but for the exact opposite reason.
Any company that collects personal data from consumers should take proactive steps to have appropriate legal counsel review its data security practices, as well as its terms of service or privacy practices, to identify any potential problem areas.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published on its website a series of factsheets designed to educate consumers unfamiliar with their rights under the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.