California’s Attorney General Kamala D. Harris has issued a new document that includes recent changes to the state’s privacy law and follows an earlier report on cyber-attacks and data breaches.
“This guide is a tool for businesses to create clear and transparent privacy policies that reflect the state’s privacy laws and allow consumers to make informed decisions,” Harris explained in the statement.
The privacy guide includes such recommendations as:
- Prominently label the section of a policy on online tracking, such as: “California Do Not Track Disclosures.”
- Say how a business responds to a browser’s Do Not Track signal.
- Say what personally identifiable information a business collects from users, how it is used and how long it will be retained.
The state’s work on privacy was praised by companies, such as HP. “HP commends the work of California in establishing expectations-based guidance for privacy as it strikes the right balance between innovation and the protection of legitimate consumer rights,” Scott Taylor, vice president and chief privacy officer at Hewlett-Packard, said.
The guide was also praised by privacy experts. “Their common-sense recommendations are clear, readable, useful, and mercifully short. Companies will understand how to comply with the letter and spirit of California transparency laws. In particular, I am delighted to see a light-touch legislative approach for transparency around Do Not Track,” said Aleecia McDonald, director of Privacy at the Center for Internet and Society based at Stanford Law School.
The state’s Privacy Enforcement and Protection Unit was set up in 2012 to enforce federal and state privacy laws regulating the collection, retention, disclosure and destruction of private or sensitive information by individuals, organizations and the government. The unit also works to educate consumers and recommend best practices to businesses on privacy-related issues.
Earlier, Harris’ office issued recommendations to California businesses to protect against malware, data breaches and other cyber risks. The guide, “Cybersecurity in the Golden State,” provides recommendations for small- to mid-sized businesses. Businesses of that size need such a guide, given that in 2012, 50 percent of all cyber-attacks were aimed at businesses with fewer than 2,500 employees and 31 percent were aimed at those with fewer than 250 employees.
“Technology has created new opportunities and new risks for California businesses, including cyber-attacks,” Harris said in a statement about the cyber-security guide. “This guide offers specific, straightforward recommendations to help businesses continue to thrive by reducing cyber security risks to employees and customers.”
Examples of recommendations in the guide include:
- Develop an incident response plan.
- Encrypt data that a business needs to keep.
- Regularly update firewall and antivirus software on all devices, and use strong passwords.
Now, the increasing use of mobile devices has also led to new threats.
“Many of us now carry devices in our pockets that are more sophisticated than we ever could have imagined just a decade ago,” Harris said in the cyber-security guide. “Downloadable applications can render us vulnerable to fraud, theft, and other privacy concerns and mobile devices that are constantly connected to the Internet or local Wi-Fi networks face persistent security issues.”