California Attorney General (AG) Kamala Harris is continuing her crusade to strengthen privacy regulation in her state. As you may recall, AG Harris previously attempted to sue Delta Airlines for failure to incorporate a privacy policy into the company’s mobile app. The suit was based on the California Online Privacy Protection Act, which requires web operators, including mobile app providers, to provide privacy policies for consumers. Despite the fact that AG Harris notified Delta that the company’s app, “Fly Delta,” needed a privacy policy, the company did not comply with her demands. As a result, AG Harris filed suit. However, the suit was dismissed as barred by the federal Airline Deregulation Act of 1978 since the “Fly Delta” app provides check-in capabilities and other “services,” as defined by the federal statute. Despite the fact that AG Harris failed in her attempt to force Delta to comply with the California Online Privacy Protection Act’s privacy policy requirement, she is refusing to back down. AG Harris is pushing forward in her attempt to strengthen privacy legislation in California in other ways.

One such effort is California Senate Bill 46. The state senate recently voted in favor of California Senate Bill 46, which was sponsored by AG Harris and first introduced late last year. If enacted, the law will update the categories of information that will trigger a data breach notification. Currently, companies must only notify customers if they reasonably believe that there has been an unauthorized access to personal information, which includes unencrypted Social Security numbers, driver’s license numbers, and medical information. The new bill will update that law to also require real-time notice where passwords, usernames, or security questions are changed to help limit potential financial loss.

All companies with online and mobile technology should be aware of AG Harris’s activities in the privacy arena. Her efforts related to mobile privacy, as well as her push to expand the category of information that will trigger a data breach notification, are important as they demonstrate a strong effort on the part of the state to enforce and strengthen privacy legislation. California continues to stand out as a leader among states when it comes to consumer protection and companies doing business in the state should be aware of the privacy laws there.