|Photo credit: Truthout.org / Foter.com / CC BY|
The FTC has recently served so-called "educational" letters on approximately 90 businesses alerting them to upcoming changes in regulations--ostensibly "to encourage you to review your apps, your policies, and your procedures for compliance." The primary targets seem to have been operators of mobile apps.
But it's not just the feds who are taking an active role in identifying and addressing deficient privacy policies and practices. California has some of the most extensive online privacy requirements of any U.S. jurisdiction, and any business with a website directed to a nationwide audience should take care to observe the California rules. About a year ago, California's Attorney General announced the creation of a Privacy Enforcement and Protection Unit assigned to "focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws." In February of 2012, California's Attorney General entered into an agreement with seven leading mobile and social app platforms – Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft, and Research in Motion – to conform to California law. Then, in October of 2012, the Attorney General sent letters to 100 mobile app operators across the country demanding they comply with the California Privacy Protection Act. The Attorney General warned that companies can face fines of up to $2,500 each time a non-compliant app is downloaded. Atlanta-based Delta Airlines was one of the recipients of the letter, and based upon Delta's failure to comply with the Attorney General's demand within 30 days, the Attorney General sued Delta in December of 2012 in federal court in San Fransisco. The Attorney General has threatened to bring actions against non-compliant website operators and app operators under California’s Unfair Competition Law and/or False Advertising Law, which could result in hefty penalties.
In the future, website operators and mobile app operators will have increasing difficulty staying beneath the radar of the FTC and attorneys general, and compliant privacy policies and practices will be more important than ever to avoid lawsuits and prosecution. There will be no better time than now to review privacy policies and procedures for compliance with all applicable legal requirements.