In October 2015, California Attorney General Kamela Harris announced a settlement with Bay Area housing design startup Houzz, Inc. to resolve alleged violations of California privacy laws. According to the AG’s office, for about 6 months in 2013, Houzz allegedly secretly recorded certain incoming and outgoing telephone calls, including customer and employee phone calls, intended for training and quality-assurance purposes. However, Houzz allegedly failed to notify all parties of the recording or obtain their consent to be recorded, in violation of state laws against wiretapping and eavesdropping. The press release provided by the Attorney General’s Office, the initial complaint filed against Houzz, and the stipulated judgment resolving the matter can be viewed online.
When given notice of the alleged violations, Houzz stopped the recordings and cooperated with the investigation. In that light, while the alleged privacy violations are somewhat pedestrian, some of the required remedies are not.
Under the terms of the settlement, in addition to paying $175,000 and destroying the phone recordings, Houzz is required to appoint a Chief Privacy Officer. This executive will be responsible for monitoring Houzz’s going-forward compliance with relevant privacy laws, and for bringing any concerns to the prompt attention of the company’s executive team. Additionally, the settlement requires Houzz to conduct an internal privacy risk assessment to evaluate several issues, including those implicated by the company’s business practices, use of technology and processes related to any business partners with whom Houzz shares PII.
It’s unclear whether such provisions will become a template for future AG office settlements resolving alleged privacy law violations in California. Nonetheless, companies conducting business in California or with California residents should take note of this new settlement strategy.