Making good on her promise to enforce the state’s privacy law against mobile apps, California Attorney General Kamala Harris announced that she sent warning letters to “scores” of noncompliant developers.

Harris gave recipients 30 days to comply with the California Online Privacy Protection Act, which requires that companies conspicuously post a privacy policy within or accessible from their app. The policy must include information about what personally identifiable information the app collects and how companies use the data.

“Having a Web site with the applicable privacy policy conspicuously posted may be adequate, but only if a link to that Web site is ‘reasonably accessible’ to the user within the app,” a sample letter reads.

In February Harris reached an agreement with six major online companies through which apps are generally available – Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion – which made clear that the 2003 California Online Privacy Protection Act applies to mobile apps. Facebook signed on to the agreement over the summer.

The companies also agreed to make space available for developers to comply with the law by providing a data field for apps to include a hyperlink to the app’s privacy policy or the text of the privacy policy itself. They also promised to establish a format for consumers to report noncompliant apps and implement a process for responding to complaints.

While the collection of consumer information by mobile apps is perfectly legal under the law, developers and platforms must inform consumers prior to collection, typically when the app is downloaded. Violation of the law can result in fines of up to $2,500 per download of the noncompliant app.

Harris declined to name recipients of the letters, but news reports indicated that Delta, OpenTable, and United, which had received a tweet from Harris about their lack of a privacy policy in September, were also included.

To read a sample warning letter, click here.

Why it matters: Harris said “up to 100” letters were sent “starting with those who have the most popular apps available on mobile platforms,” but indicated that this was just the beginning of her enforcement activity. Developers should review their privacy policies and ensure that their apps are in compliance with California law.