Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

California to get tough on online privacy

The state's attorney general will establish an office dedicated to digital privacy and prosecutions

California's top legal official has put the tech industry on notice that she intends to get tough on digital privacy.

Attorney General Kamala Harris said Thursday she is forming a new group within the state's Justice Department, the Privacy Enforcement and Protection Unit, to oversee privacy issues and prosecute companies that run afoul of the state's strict privacy laws.

The new unit's impact could extend beyond California, because it will police not just companies based in the state but all companies that do business there.

"This means that their privacy practices are going to be scrutinized a lot more by the Attorney General's office," Travis LeBlanc, special assistant attorney general for technology, said in an interview.

"We are going to do outreach to companies, to make sure they know their obligations," he said. "And make sure that when there are violations of California privacy laws, we will enforce them."

The unit will also perform outreach and education campaigns for state residents.

California has some of the strictest privacy regulations in the U.S., and unlike in many other states, the right to privacy is spelled out in the state's constitution.

"Typically, we've been a bellwether state," said LeBlanc. "We were the first state to pass a 'do not call' list and the first to pass a law requiring data breaches are notified to consumers."

Formation of the unit puts California ahead of other states when it comes to online privacy, said Justin Brookman, director of consumer privacy at the Center for Democracy and Technology. Brookman worked in the New York Attorney General's office from 2004 to 2009.

"One advantage the states have is they can move more quickly on issues [than the U.S. Federal Trade Commission]," he said.

The FTC will generally take time to consider issues in detail, and that can mean it is more likely to get things right, but the states have the advantage when it comes to awarding large fines, he said.

State law often allows companies to be fined for each infraction they make, whereas the FTC will usually fine a company only after it has been found guilty and re-committed the same violation, said Brookman.

The unit will be part of the California Justice Department's electronic crimes unit, and its staff will include six prosecutors who specialize in privacy enforcement. Some staff have already been hired, and LeBlanc said he expects the unit to be fully staffed in a few months.

Announcement of the unit comes five months after the California attorney general said she had reached an agreement with Apple, Google, Research In Motion, Amazon, Hewlett-Packard and Microsoft, to ensure that users can read the privacy policies on all mobile applications before downloading and installing the apps. The group was joined by Facebook in June.

One of the unit's first tasks will be a check-in with the companies to see how they have lived up to the agreement.

"In terms of enforcement, we have targeted our efforts in the mobile space," said LeBlanc. "We're seeing lots of privacy concerns there. Some people see it as the wild, wild West. We intend to start enforcing the California Online Privacy Act."

In terms of the unit's impact beyond state borders, it could face challenges from companies under U.S. federal interstate commerce laws if it tries to make too big a change on digital business practices, said Brookman.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com

Recommended

  1. How to avoid “always-on” fatigue

  2. Profitable future for data centre services market: report

  3. From CMO to CEO: Anametrix’s Pelin Thorogood

    CMO

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Customer Success - Slater & Gordon Lawyers
    Lawyers work hard, and they work fast. Any activity that takes their focus away from the task at hand represents lost productivity and lost revenue. Slater & Gordon Lawyers needed to filter spam and email-borne malware and provide high availability for email. Results from the business solution they chose include 250 hours of IT staff time reclaimed annually for other tasks, long delays in email delivery alleviated, reduced email-related storage costs, and email failover to the cloud in minutes, avoiding hours-long outages. Find out how they got these results.
    Learn more »
  • How Web Security Improves Productivity and Compliance
    In this white paper, we will look at how secure web gateways, one type of information security technology, can provide benefits to many departments within any business or government agency. Download now.
    Learn more »
  • Deploying Flash in the Enterprise
    Flash is quickly emerging as the preferred way to overcome the nagging performance limitations of hard disk drives. However, because flash comes at a significant price premium, outright replacement of HDDs with flash only makes sense in situations in which capacity requirements are relatively small and performance requirements are high. Learn how deployment approaches-including hybrid storage arrays, server flash, and all-flash arrays-that combine the performance of flash with the capacity of HDDs can be cost effective for a broad range of performance requirements.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments