California to get tough on online privacy
The state's attorney general will establish an office dedicated to digital privacy and prosecutions
IDG News Service - California's top legal official has put the tech industry on notice that she intends to get tough on digital privacy.
Attorney General Kamala Harris said Thursday she is forming a new group within the state's Justice Department, the Privacy Enforcement and Protection Unit, to oversee privacy issues and prosecute companies that run afoul of the state's strict privacy laws.
The new unit's impact could extend beyond California, because it will police not just companies based in the state but all companies that do business there.
"This means that their privacy practices are going to be scrutinized a lot more by the Attorney General's office," Travis LeBlanc, special assistant attorney general for technology, said in an interview.
"We are going to do outreach to companies, to make sure they know their obligations," he said. "And make sure that when there are violations of California privacy laws, we will enforce them."
The unit will also perform outreach and education campaigns for state residents.
California has some of the strictest privacy regulations in the U.S., and unlike in many other states, the right to privacy is spelled out in the state's constitution.
"Typically, we've been a bellwether state," said LeBlanc. "We were the first state to pass a 'do not call' list and the first to pass a law requiring data breaches are notified to consumers."
Formation of the unit puts California ahead of other states when it comes to online privacy, said Justin Brookman, director of consumer privacy at the Center for Democracy and Technology. Brookman worked in the New York Attorney General's office from 2004 to 2009.
"One advantage the states have is they can move more quickly on issues [than the U.S. Federal Trade Commission]," he said.
The FTC will generally take time to consider issues in detail, and that can mean it is more likely to get things right, but the states have the advantage when it comes to awarding large fines, he said.
State law often allows companies to be fined for each infraction they make, whereas the FTC will usually fine a company only after it has been found guilty and re-committed the same violation, said Brookman.
The unit will be part of the California Justice Department's electronic crimes unit, and its staff will include six prosecutors who specialize in privacy enforcement. Some staff have already been hired, and LeBlanc said he expects the unit to be fully staffed in a few months.
Announcement of the unit comes five months after the California attorney general said she had reached an agreement with Apple, Google, Research In Motion, Amazon, Hewlett-Packard and Microsoft, to ensure that users can read the privacy policies on all mobile applications before downloading and installing the apps. The group was joined by Facebook in June.
One of the unit's first tasks will be a check-in with the companies to see how they have lived up to the agreement.
"In terms of enforcement, we have targeted our efforts in the mobile space," said LeBlanc. "We're seeing lots of privacy concerns there. Some people see it as the wild, wild West. We intend to start enforcing the California Online Privacy Act."
In terms of the unit's impact beyond state borders, it could face challenges from companies under U.S. federal interstate commerce laws if it tries to make too big a change on digital business practices, said Brookman.
Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is firstname.lastname@example.org
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cybercrime and Hacking White Papers | Webcasts