From: JD Supra

While several states – and the federal government – consider strengthening legislation to protect consumers against data breaches, identity theft, and other privacy violations, California is taking action.

Earlier this month, California Attorney General Kamala Harris created a new “Privacy Enforcement and Protection Unit.” From law firm Morrison & Foerster:

“The Privacy Enforcement and Protection Unit will be organized under the state’s new eCrime Unit, which was formed in August, 2011 and will centralize a number of existing California Justice Department programs intended to enforce privacy laws, combat identity theft, educate consumers, and create partnerships with private industry under one umbrella.”

Three takeaways:

1. The new agency has a very broad mandate:

“The Privacy Unit will enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. In addition to online privacy regulation, the Privacy Unit will investigate data breaches, identity theft, and violations of offline health, financial, and government privacy regulations.” (California Steps Up Privacy Efforts with New Privacy Enforcement and Protection Unit by Wilson Sonsini Goodrich & Rosati)

2. This is only the beginning:

“Harris has made online privacy protection a major focus of her administration, and the creation of the new Privacy Enforcement and Protection and eCrime Units are just two of her initiatives aimed at fighting online crime and protecting consumer privacy.” (California Attorney General Creates Privacy Enforcement and Protection Unit; Increased Enforcement Likely by Morrison & Foerster LLP)

3. Penalties can be severe for businesses that violate consumer privacy:

“With the Privacy Unit in place, actions enforcing California’s data privacy regulations, which are among the strictest in the nation, are certain to increase…  ‘The Privacy Unit,’ according to Attorney General Harris, ‘will police the privacy practices of individuals and organizations to hold accountable those who misuse technology to invade the privacy of others.’  Based on prior comments from Harris, such enforcement may include prosecutions under California’s Unfair Competition Law  and/or False Advertising Law, which imposes penalties of up to $500,000.” (Law & Order PEPU: California’s new Privacy Enforcement and Protection Unit by Mintz Levin)