Alert October 06, 2015

California Attorney General Settlement Requires Hiring of Privacy Officer: Businesses with Web Presences Subject to Increasing California Enforcement

Summary

The California Attorney General’s recent settlement with website operator Houzz includes, for the first time, a requirement to hire a privacy officer. This step coincides with an increase in privacy-related enforcement from the California Attorney General, who has far-reaching authority over companies doing business online.

On Friday, Oct. 2, home design and renovation company, Houzz, Inc., reached a settlement with the Office of California Attorney General Kamala Harris over allegations that Houzz had recorded customer and employee conversations without providing proper notice. Houzz is a venture capital-backed startup that provides a platform for home remodeling and design, with headquarters in Palo Alto, Calif. The settlement requires Houzz to pay $175,000 in civil penalties and legal fees, conduct a privacy risk assessment within 12 months, and, notably, hire a chief privacy officer within 60 days.

Privacy Officer Required

This settlement marks the first time that the California Attorney General has expressly required the hiring of a privacy officer as part of a negotiated settlement. The settlement requires that the individual be knowledgeable of state and federal privacy laws and ensure Houzz’s compliance through its privacy policy and related practices and procedures. The California Attorney General’s press release noted that this was “a significant step that is aligned with Harris’ ongoing efforts to preserve California businesses’ ability to innovate while ensuring that consumers’ right to privacy is protected.”

The settlement makes clear that the California Attorney General considers the hiring of a privacy officer to be a standard measure of good privacy practices. This position will have far-reaching impact, as the California Attorney General claims jurisdiction to enforce state laws against all companies conducting business in California — essentially any company with a website.

CA Attorney General Increasingly Active

The Houzz settlement comes on the heels of several other privacy-related settlements by the California Attorney General, including a $33 million settlement last month with Comcast for allegedly posting online information about customers who had paid for unlisted phone services and a $28 million settlement one year ago with Aaron’s, Inc. for allegedly installing spyware and charging late fees without proper consent.

About Goodwin Procter’s Privacy & Cybersecurity Practice

Goodwin Procter’s Privacy & Cybersecurity Practice leverages the firm’s core strengths, collaborating across the firm’s highly regarded technology, financial institutions, licensing, litigation and investigations, regulatory and appellate practices. This unique approach, focusing on client needs and value, enables us to engage specialists whose experience and leadership is framed by a holistic understanding of the nature and importance of information to modern enterprises.

For more information about this update, or for other assistance regarding privacy and data security matters, please contact any member of our privacy and cybersecurity team.