Cementing her reputation as a privacy hawk, California Attorney General Kamala Harris is requiring the online startup Houzz to hire a chief privacy officer in order to resolve allegations that the company violated a state law.
Houzz, which bills itself as a platform for home remodeling, allegedly recorded phone calls with people who registered as "professional modelers" with the site, without their permission.
"According to Houzz, on or about March 29, 2013, Houzz's sales staff in its Orange County office began a practice of recording all outgoing calls," the Attorney General alleges in a complaint filed on Friday in Santa Clara County Superior Court "Recipients of the calls were not notified that the calls were being recorded."
In July, Houzz allegedly began recording all calls -- incoming as well as outgoing -- without informing the people on the other end of the phone.
California law prohibits anyone from recording conversations without the consent of all parties.
“Houzz violated the trust of its professionals, customers, and employees by recording calls without permission,” Harris said in a statement. “This settlement holds Houzz accountable for violating state privacy laws and ensures that the company will stop recording calls without permission.”
The agreement calls for Houzz to hire a chief privacy officer, conduct a risk assessment, and pay $175,000.
California -- which is one of 12 states that doesn't allow conversations to be taped without both parties' consent -- has other privacy regulations that don't exist in other parts of the country. Among others, the 2003 California Online Privacy Protection Act requires that companies that collect data must post links to their privacy policies on their home pages.
Harris interprets that law as requiring app developers to offer privacy policies if the apps collect personal information, including geolocation data.
In October of 2012, she notified 100 companies -- including United Airlines, Delta Air Lines and Open Table -- that they risked an enforcement action if they failed to include privacy policies in their apps.
Delta prevailed in that matter in 2013, when a state court judge accepted the company's argument that a federal law governing airlines trumped California's consumer protection laws.
California also has its own version of "do-not-track." That measure require some Web companies to state how they respond to do-not-track requests -- including ones sent by users' browsers. The law only applies to companies that collect “personally identifiable information,” but the term includes not only names, email addresses and phone numbers, but also device identifiers and geolocation data.