California Attorney General Kamala Harris is enlisting new enforcers in her efforts to get companies to comply with the state’s privacy policy requirements: members of the public.

On October 14, Harris released an online form enabling consumers to report websites, mobile applications, and other online services that are violating the California Online Privacy Protection Act (CalOPPA) by failing to post a privacy policy or by posting an incomplete or inadequate privacy policy. The move comes shortly after the release of a Future of Privacy Form study that concluded that the number of apps with privacy policies has risen from 30 percent to 80 percent since 2012, but that many apps and websites are still not in compliance.

In a press release, Harris emphasized that companies doing business in California must prioritize transparency and privacy with their consumers. Bringing in consumers as watchdogs will increase the likelihood that companies observe the laws requiring privacy safeguards, she said.

“By harnessing the power of technology and public-private partnerships, California can continue to lead the nation on privacy protections and adapt as innovations emerge,” Harris said.

CalOPPA, passed in 2003, was the first law in the nation to require commercial websites and online services to post privacy policies. Any operator in the world that collects personally identifiable information, such as name, address, email address, phone number, or Social Security number from California consumers, is required to comply. The privacy policy must include the categories of information collected, the types of the third parties with whom the operator may share that information, instructions regarding how the consumer can review and request changes to his or her information, and the effective date of the private policy. The law was further expanded in 2013, requiring privacy policies to include information on how the operator responds to ‘Do Not Track’ signals or similar mechanisms, and mandating that privacy policies state whether third parties can collect personally identifiable information about the site’s users.

Compliance with CalOPPA is a law that should be on the radar of any company doing business on the Internet. Enforcement of the law has been a priority for the AG in recent years, and the latest move to empower consumers to make privacy “citizen’s arrests” serves as a reminder that California is serious about the law’s requirements. Noncompliant websites and apps are getting fewer and farther between, according to the FPF study, but that statistic makes it all the more important that a company not be caught red-handed as a violator.

The form is available at https://oag.ca.gov/reportprivacy.