Privacy Policy – “There’s an app for that, or else…”

In December of 2012, California’s attorney general (AG) filed a lawsuit under the California Online Privacy Protection Act, also referred to as CalOPPA. The suit against Delta Airlines is one of the office’s most high-profile cases, alleging that a company failed to give users of its mobile application proper notice of specific privacy practices. In short, the suit claimed that users of the Delta app were not made aware of how their information would be used. The primary focus of the act was originally websites, which California views as “online services”. Any website collecting personally identifiable information (PII) that does not have a conspicuous privacy policy in place is fair game under this act (but it’s hard to imagine how many sites don’t have a privacy policy).
The new twist is that the California AG is now expanding CalOPPA to include mobile applications. What may also be surprising to some is that CalOPPA has existed since 2004, but notification of mobile app inclusion began a year ago. Since February 2012, Google, Apple, Facebook, HP, Microsoft, Research in Motion and Amazon have jointly agreed to privacy principles ensuring compliance with CalOPPA. The California AG, Kamala D. Harris, is supported by a state enforcement and protection unit that sends warning letters to online service providers found to be out of compliance. The deadline to inform Harris as to when compliance will be met is a brisk thirty days, after which a fine of $2,500 per application download can be levied. Let that one sink in for a moment: per download. This is no small sum for even a moderately popular app.

Law firms and privacy bloggers are now buzzing about CalOPPA, because apparently the requirements are catching many mobile application developers – and their clients – off guard. Not all applications are in scope, of course, just those that collect PII and/or location data. To comply fully with the act, a mobile app must have a conspicuously posted privacy policy, and that policy must detail how the information will be collected, used and shared. The requirements of the act may appear simple, but they are easier to meet for applications still to be developed than for those that already exist. Where this becomes a complex business problem is the expectation of the California AG that the privacy policy be included within the app itself. For apps not in compliance, this means pushing an update and attempting to pack lengthy privacy language into a mobile device’s form factor.
AG Harris states on her website that “Protecting the privacy of online consumers is a serious law enforcement matter”. The enforcement now taking place is going to serve as a serious wake-up call to all online service providers that collect information about Californians, i.e. basically all providers. This is not California’s first foray into trailblazing on privacy. In 2003, the California Security Breach Information Act became a state law. Commonly known as SB-1386, this law required that owners of any breached sites collecting PII of Californians were responsible for notifying all affected parties. Massachusetts took this concept much further in 2010 with its Data Protection Law (MA 201). The MA 201 law is designed to protect the citizens of Massachusetts by requiring compliance with a set of security standards for “every person who owns, licenses, stores or maintains personal information about a resident of the Commonwealth…”. The law includes language on access control, encryption, firewalls, and awareness training.
So what would drive California and Massachusetts to have detailed security provisions regarding privacy and PII collection? How does this impact my business and are these two the only states of concern? It isn’t as if you are likely to refuse California, Massachusetts or any other state’s (or even country’s) business to avoid complying with these laws. When it comes to addressing data breaches, there are multiple state laws with varying degrees of strictness. In fact, according to the National Conference of State Legislatures, all but four states have security breach notification laws as of August 2012. The likely reason for such impactful state laws is the lack of a clear federal regulation to provide one singular, cohesive and comprehensive set of laws that meet even the minimal requirements of all state laws.
Cybersecurity legislation had an embattled run in 2012 with no resolution. The 113th congress in 2013 is expected to pick up the topic and an Executive Order is likely to be signed this month. Until then, states will continue to prepare legislation that protects their residents’ data regardless of the location of the online services provider. Now that California is touching the third screen with CalOPPA, time will tell how soon other states may follow suit. Now would also be a good time to review your mobile applications and the necessary privacy policies, before your letter arrives.
About the Author:

John Ceraolo is the chief security officer at 3Cinteractive where he directs the organization’s enterprise risk management, business continuity, and information security. Ceraolo has been leading security initiatives within global organizations for over 20 years.