The Attorney General's office of California today announced a new Privacy Enforcement and Protection Unit in the state's Department of Justice that will hold companies accountable for safeguarding consumer data.
The newly created unit will reside within the eCrime Unit established last year to prosecute identity theft, data intrusions and crimes involving the use of technology. The office will enforce privacy protections using existing state and federal laws that regulate how companies can collect, store, use and destroy personal data, as well as educate consumers on their rights and help industry develop best practices, said Travis LeBlanc, Special Assistant Attorney General for Technology for California.
"We believe we are trailblazing in this area, bringing together an enforcement and an education function," he said in an interview last night. "We have a specific constitutional right in California to privacy, and it's an inalienable right."
While LeBlanc will oversee the law enforcement aspect of the new unit at the executive level, Joanne McNabb, formerly of the California Office of Privacy Protection, has been named Director of Privacy Education and Policy and will head up education and outreach for the unit. "There is a clear desire on the part of industry to get some help in coming up with appropriate privacy practices," McNabb said.
The state AG's office has been actively pushing for greater protections for consumers' information as they move more of their lives onto social media sites and mobile devices. Just this year, changes to the state's data breach notification laws went into effect that require companies to report breaches to the AG's office if personal information of more than 500 Californians is involved. The agency will produce annual reports identifying data breaches based on those notifications, LeBlanc said.
Apple, Google, Microsoft, Amazon, Hewlett-Packard and Research in Motion had agreed to improve mobile privacy protections, starting with requiring privacy policies in apps. Facebook joined the roster in June. What this means is that California's Online Privacy Protection Act, one of the strongest consumer privacy laws in the nation, is being applied to mobile apps as other states struggle to keep consumer laws relevant in the face of advancing technology.
The AG's office will meet with the mobile platform providers that have agreed to require privacy policies in apps at the end of August or beginning of September to evaluate their progress in implementing the agreement, according to LeBlanc.