Last month, the State of California filed its first enforcement action under its privacy laws against Delta Air Lines, seeking potentially millions of dollars in fines. Under California's consumer privacy law, all parties that collect personal information from California residents are required to include a privacy notice on their websites and mobile applications.
This law applies to all companies - not just those based in California. Failure to comply with California's privacy notice requirement carries a fine of up to $2,500 per violation.
Although Delta included a compliant privacy policy on its website, California alleges the airline did not state that the policy covered its "Fly Delta" mobile application nor did it include access to the policy on the app.
This case could signal increased scrutiny and regulatory enforcement by the State of California (and possibly other governmental authorities) against large and small companies that fail to comply with consumer privacy notice requirements.
It also serves as a good reminder for website and mobile app owners, who collect personal information, to:
- Ensure that they have a privacy policy that complies with both federal and state law.
- Verify that the manner in which the privacy policy is posted complies with federal and state law.
- Confirm that the privacy policy applies to its mobile applications and, if possible, that it is accessible from the mobile applications.
- Confirm that the privacy policy reflects the actual practices of the company.
- Respond promptly to any notice received from a governmental authority regarding potential violations.
This filing reminds franchise companies of the importance of ensuring that your website and mobile apps include access for consumers to your privacy policy.
If you are a franchisor or other company and would like any assistance in reviewing your website, mobile applications and related privacy policy to determine whether they satisfy legislative requirements, please feel free to contact Armstrong Teasdale attorneys Joan Archer, Jennifer Byrne, or Tiffany Schwartz.
Thanks for sharing Matthew. This can be helpful in even other areas such as healthcare and education websites and products as well.
It will be essential for any company and organization to check the state rules and regulations not just for privacy rules/regulation but also jurisdiction for any cross state fraud cases - when forming their policies.