California’s Attorney General Kamala Harris announced last week the creation of a new Privacy Enforcement and Protection Unit, including six prosecutors, in the state’s Department of Justice. This new unit intends to protect consumer and individual privacy through prosecution of state and federal privacy laws.
California already has some of the most robust privacy laws in the United States and unlike in many other states, has an explicit right to privacy in the state’s constitution. However, although California privacy laws with private rights of action and statutory damages have been enforced by plaintiffs’ class action lawyers, there has been little if any enforcement by the government. Companies have taken this into account when conducting risk analyses. With the creation of this new enforcement unit, companies should reassess those analyses.
The Privacy Unit will be housed in the eCrime Unit started by Harris in 2011 to prosecute identity theft, data intrusions, and crimes involving the use of technology. The Attorney General’s press release noted that the Privacy Unit will enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government, including laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. The new unit doubles the number of prosecutors enforcing privacy laws. In addition, the former director of the California Office of Privacy Protection, Joanne McNabb, will oversee education and outreach efforts as Director of Privacy Education and Policy.
“In the 21st Century, we share and store our most sensitive personal information on phones, computers and even the cloud. It is imperative that consumers are empowered to understand how these innovations use personal information so that we can all make informed choices about what information we want to share,” said Attorney General Harris. “The Privacy Unit will police the privacy practices of individuals and organizations to hold accountable those who misuse technology to invade the privacy of others.”
The creation of the Privacy Enforcement and Protection Unit reflects a growing concern among federal and state regulators that privacy in the rapidly evolving information age has not been adequately protected. The new unit could have an impact well beyond California as it will be policing not only companies that are based in the state but all companies that conduct business there.
This announcement comes just months after Harris signed an agreement with Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research in Motion to ensure that their mobile applications contain privacy policies. Facebook joined the agreement in June.