California To Crack Down On Privacy Violations
California Attorney General Kamala Harris has created a new unit to target companies that violate the state's data privacy laws.
The six-person Privacy Enforcement and Protection Unit will enforce a variety of privacy-related laws, including regulations about data collection, financial records and identity theft.
Creating the new unit marks the latest in a series of privacy initiatives by Harris. Earlier this year, she convinced six major app platforms -- including Google, Apple and Research in Motion -- to sign an agreement promising they will require developers to offer privacy policies if their apps collect personal data from users.
Several weeks ago, she announced that Facebook signed on to that pact.
California has some particularly strong ammunition when it comes to privacy. A state law that took effect in 2004 requires Web companies to conspicuously post their privacy policies. California's constitution also specifies that people have the right to privacy.
The state's unfair competition law also allows the attorney general to seek fines from companies that engage in unfair or deceptive practices, such as failing to follow their privacy policies. By contrast, the Federal Trade Commission typically is limited to obtaining consent decrees when companies violate their privacy policies, although it can fine companies that subsequently violate that decree.
Justin Brookman, director of consumer privacy at the digital rights group Center for Democracy & Technology, says the new unit likely will lead to more privacy cases against Web companies and developers. "With more cops on the beat, there's more chance for enforcement," says Brookman, who previously served as chief of the Internet Bureau of the New York Attorney General's office.
Harris isn't the only state attorney general concerned about digital privacy. Last month, Maryland Attorney General Douglas Gansler, who also serves as president of the National Association of Attorneys General, said he intends to focus on Internet privacy.
Earlier this year, New Jersey Attorney General Jeffrey Chiesa made headlines by suing 24x7digital for allegedly violating the Children's Online Privacy Protection Act by collecting personal information from young children, including preschoolers. One reason the move drew attention was because state authorities rarely bring cases alleging violations of that law.