California Atty. Gen. Kamala Harris is requiring Silicon Valley start-up Houzz Inc. to hire a "chief privacy officer" as part of a settlement resolving breach-of-privacy allegations, the first time the office has imposed such a provision.
Over six months in 2013, Irvine-based employees of the popular home design and decor shopping app failed to notify people on sales calls that the conversations they were engaging in were being recorded for “training and quality-assurance purposes,” the attorney general’s office said Friday. The state’s wiretapping and eavesdropping laws require that everyone in a chat consent to it being recorded.
But going beyond the usual fine and follow-up monitoring that are routinely imposed as penalties in privacy cases, Harris said Houzz must quickly fill a position akin to a “chief privacy officer,” though it doesn’t have to be called that.
The person must understand and oversee compliance with privacy laws and have the authority to report significant privacy concerns to fellow executives. The “CPO” in business parlance has grown into major position the past few years as a stream of major data breaches has put pressure on companies to better guard consumer information.
The attorney general’s office said in a release that Houzz adding a chief privacy officer would be “a significant step that is aligned with Harris’ ongoing efforts to preserve California businesses’ ability to innovate while ensuring that consumers’ right to privacy is protected.”
An agency spokeswoman said the requirement hasn’t appeared in previous cases.
Houzz long has had an in-house lawyer focused on privacy issues, said company spokeswoman Gabriela Hebert. But it would make an “official appointment within the next 60 days” to comply with the “mutually acceptable” terms, which include $175,000 in fines and fees. The company claims 35 million monthly users.
“Houzz values the privacy of its employees and its community and we have since enhanced our compliance efforts to meet all applicable legal requirements,” Hebert said in a prepared statement.