Do Data Breach Guidelines Signal Coming Enforcement Efforts Against Businesses With Customers Or Operations In California?
Any business that has customers or operations in California should pay attention to California law regarding privacy and data security. The State of California has been active in the areas of breach notification, privacy policies for online services that collect personal information from California residents, privacy practices for the mobile app industry, online privacy rights for California minors, and disclosure by operators of websites regarding whether third parties may be collecting personally identifiable information relating to a consumer’s online activities. Last year alone, fourteen pieces of legislation involving privacy and data security were introduced in California’s legislature, three of which were signed into law by Governor Brown.
On February 27, 2014, the California Attorney General’s Office released guidelines outlining steps that smaller firms can take to prepare themselves against data breaches. While the California AG’s Office has indicated that the recommendations offered in the guidelines are not “regulations, mandates or legal opinions,” firms that have customers or operations in California should be alert to the possibility that the California AG’s office may in the future view the guidelines as an informal mandate for all businesses with customers or operations in California. A copy of the guidelines can be found here. McGrath North’s lawyers stand ready to assist your business in addressing the compliance challenges created by the constantly evolving federal and state privacy and data security laws.