In July 2012, California Attorney General Kamala D. Harris announced the creation of a new Privacy Enforcement and Protection Unit, which combines the privacy functions of the Department of Justice into a single enforcement and education group.1 According to the Attorney General, the Privacy Unit centralizes California’s efforts to protect privacy through education, partnerships with industry, and civil enforcement of state and federal privacy laws.
“In the 21st Century, we share and store our most sensitive personal information on phones, computers and even the cloud. It is imperative that consumers are empowered to understand how these innovations use personal information so that we can all make informed choices about what information we want to share,” said Attorney General Harris. “The Privacy Unit will police the privacy practices of individuals and organizations to hold accountable those who misuse technology to invade the privacy of others.”
The Privacy Unit will be staffed by employees from the Department of Justice, including six prosecutors who will concentrate on enforcement. Joanne McNabb will serve as the Director of Privacy Education and Policy, and will oversee the Privacy Unit’s education and outreach efforts. Ms. McNabb previously led the California Office of Privacy Protection, which provided assistance to consumers and businesses regarding identity theft and other privacy-related issues. That office was recently slated for closure under state budget cuts.
The Privacy Unit will reside within the eCrime Unit, which was created in Dec. 2011.2 The eCrime Unit identifies and prosecutes identity theft crimes, cyber crimes and other crimes involving the use of technology, such as Internet fraud, computer theft, and intellectual property crimes. Since its inception, the eCrime Unit has reinforced the state’s commitment to prosecuting this illegal activity. One recent case involved an identity theft scam at ATMs throughout seven counties, which the eCrime Unit investigated and charged as a scheme across all seven counties.
The creation of the new Privacy Enforcement and Protection Unit also follows up on the Attorney General’s Feb. 2012 announcement of an agreement on privacy protections for mobile devices.3 As a result of that effort, the state and several leading operators of mobile platforms committed to a set of privacy guidelines regarding the collection, use and sharing of mobile users’ data. These guidelines include the conspicuous posting of privacy policies, and processes for reporting non-compliance with such policies.
Privacy enforcement is expected to increase with the establishment of the Privacy Enforcement and Protection Unit, and as mobile platforms become more pervasive and as new technology poses unique privacy questions for both consumers and businesses. Businesses should consider potential enforcement issues, and whether steps should be taken to minimize the likelihood of enforcement actions.