On Friday, Oct. 2, home design and renovation company, Houzz, Inc., reached a settlement with the Office of California Attorney General Kamala Harris over allegations that Houzz had recorded customer and employee conversations without providing proper notice. Houzz is a venture capital-backed startup that provides a platform for home remodeling and design, with headquarters in Palo Alto, Calif. The settlement requires Houzz to pay $175,000 in civil penalties and legal fees, conduct a privacy risk assessment within 12 months, and, notably, hire a chief privacy officer within 60 days.
Privacy Officer Required
This settlement marks the first time that the California Attorney General has expressly required the hiring of a privacy officer as part of a negotiated settlement. The settlement requires that the individual be knowledgeable of state and federal privacy laws and ensure Houzz’s compliance through its privacy policy and related practices and procedures. The California Attorney General’s press release noted that this was “a significant step that is aligned with Harris’ ongoing efforts to preserve California businesses’ ability to innovate while ensuring that consumers’ right to privacy is protected.”
The settlement makes clear that the California Attorney General considers the hiring of a privacy officer to be a standard measure of good privacy practices. This position will have far-reaching impact, as the California Attorney General claims jurisdiction to enforce state laws against all companies conducting business in California — essentially any company with a website.
CA Attorney General Increasingly Active
The Houzz settlement comes on the heels of several other privacy-related settlements by the California Attorney General, including a $33 million settlement last month with Comcast for allegedly posting online information about customers who had paid for unlisted phone services and a $28 million settlement one year ago with Aaron’s, Inc. for allegedly installing spyware and charging late fees without proper consent.
About Goodwin Procter’s Privacy & Cybersecurity Practice
Goodwin Procter’s Data, Privacy and Cybersecurity Practice leverages the firm’s core strengths, collaborating across the firm’s highly regarded technology, financial institutions, licensing, litigation and investigations, regulatory and appellate practices. This unique approach, focusing on client needs and value, enables us to engage specialists whose experience and leadership is framed by a holistic understanding of the nature and importance of information to modern enterprises.
For more information about this update, or for other assistance regarding privacy and data security matters, please contact any member of our data, privacy and cybersecurity team.