Calif. AG Comes Down Hard On Comcast in $33M Privacy Pact
September 21, 2015 – In The News
Scott L. Vernick was quoted in the Law360 article, “Calif. AG Comes Down Hard On Comcast in $33M Privacy Pact.” Full text can be found in the September 21, 2015, issue, but a synopsis is below.
On Thursday, California’s attorney general hit Comcast Corp. with a $33 million fine for allegedly disclosing personal information of customers who paid to keep that information hidden.
The fine includes $25 million in penalties and investigative costs to the California Department of Justice and the California Public Utilities Commission and $8 million in restitution to customers whose information was disclosed.
“The penalty overall is pretty stiff, and with a large amount of it being regulatory penalties, it seems that the California attorney general and the public utilities commission want to send a message here that if companies don’t do what they say they’re going to do, they’re going to be in for a tough time from an enforcement standpoint,” said Scott L. Vernick, a noted privacy attorney.
In recent years, state and federal regulators have increased pressure on companies to tighten privacy policies, and California Attorney General Kamala Harris has been at the forefront of the efforts.
“Everyone knows that the California attorney general is very active in this space, and this settlement is perfectly consistent with past history and perfectly consistent with what we should expect to see going forward,” Vernick said.
While much of the focus of regulators and lawmakers recently has been on how organizations secure their data, the fine for Comcast highlights another important area that should not be overlooked: privacy policies.
“Separate and apart from whether a company has in place appropriate security protocols and appropriate breach responses, one of the principal areas of enforcement is when companies’ practices on the ground do not match their privacy policies,” Vernick said. “That is in some ways the low-hanging fruit of enforcement actions because it’s one of the easiest things to get at.”
While the Comcast customers likely have a better chance at succeeding on private class action claims than most privacy plaintiffs, having the attorney general sue the company on their behalf has its perks as well.
“It’s much more efficient for regulators to exercise their muscle and jurisdiction and go after companies,” Vernick said. “While plaintiffs can do the same thing, most consumers don’t bring cases and go through the class process for $1.25 or $1.50 claims.”
There is a high likelihood that regulators will keep the privacy pressure on companies, and according to attorneys, companies need to take care to abide closely by their privacy policies, as do their vendors.
“There’s no doubt that both state regulators and the FTC are going to continue to be active and energetic when it comes to enforcing data security and privacy infractions,” Vernick said. “And one of the easiest ways to avoid liability and triggering the ire of the regulator is to do what you say you’re going to do in policies and public statements.”