Even in the midst of high-profile activities like the national mortgage settlement and the U.S. Supreme Court argument over challenges by States (among others) to the “Obamacare” health care law, AGs still have time to continue their focus on data privacy, which remains a hot-button issue.
Individual AGs also have been very active in data privacy efforts, none more so than California AG Kamala Harris. In late February, AG Harris announced a sweeping agreement with the six largest mobile app distributors (Google, Apple, RIM, Hewlett-Packard, Amazon and Microsoft), requiring all apps distributed on their platforms to have privacy policies, to allow app purchasers to review the privacy policies before purchase, and to require app developers to disclose to consumers what private information they collect, how they use and with whom they share it. More recently, AG Harris entered into an agreement with three of the largest online dating services (eHarmony, Match.com and Spark Networks), under which the companies will use a variety of online tools to protect members, including checking subscribers against sex offender registries and providing a rapid reporting system for abuse (including physical safety concerns and fraud).
Other AGs who have been very active in this area recently include:
- CT AG Jepsen, who recently entered into settlements with MetLife (in late January) and Wells Fargo (in early February) as a result of large data breaches and who is continuing investigations into data breaches suffered by Central Connecticut State University and the CT Department of Labor;
- Illinois AG Lisa Madigan, whose office just released guidance on complying with the State’s information and security breach notification laws. The guidance, much like that issued by Vermont AG Bill Sorrell’s office, suggests that companies that experience data breaches should notify the AG’s office and affected consumers despite the absence of a legal requirement to do so; and
- Maryland AG Doug Gansler, whose 2012-2013 NAAG Presidential Initiative will focus on protecting personal information privacy, particularly financial data and the use of personal data for marketing.
Companies that hold consumers’ personal data should take note of this recent activity and ensure that they: have robust privacy policies in place; maintain and enforce those policies strictly; and are cognizant not only of their obligations under federal law, but also of state data privacy laws.