This initiative by the Attorney General is effective immediately and is just the latest example of California’s effort to increase enforcement of laws aimed at protecting the privacy and data security of individual consumers.
Importantly, CalOPPA applies to any company that obtains PII from California residents, regardless of whether that company is based in California or is targeting California residents.
The new online form allows consumers to report several types of violations:
It is unclear if the Attorney General intends to use the results of the information collected through the form other than to directly notify companies of violations of CalOPPA. For example, will the Attorney General make the information related to verified offenders public as part of a “name and shame” program? In addition, it is unclear from the announcement of the online form whether the information would be eligible for disclosure under California public records laws or whether the Attorney General would take the position that such information should not be released on the grounds that they are unproven allegations of misconduct, as is the Attorney General’s standard practice with regard to consumer complaints today.
This initiative by the Attorney General is effective immediately and is just the latest example of California’s effort to increase enforcement of laws aimed at protecting the privacy and data security of individual consumers. With plans to develop a tool to proactively identify mobile apps that may be in violation of CalOPPA on the Attorney General’s agenda, these efforts show no sign of abating. Consequently, privacy compliance programs that ensure documentation of appropriate policies and disclosures are more important than ever.