Cybercrime & Technology

Attorney General Kamala D. Harris Launches New Tool to Help Consumers Report Violations of California Online Privacy Protection Act (CalOPPA)

October 14, 2016
Contact: (916) 210-6000,

Part of Multi-Pronged Effort to Improve Online Privacy and Increase Compliance with CalOPPA 

SAN FRANCISCO -- Today, Attorney General Kamala D. Harris announced the release of an online form to help consumers report websites, mobile applications, and other online services that are in violation of the California Online Privacy Protection Act (CalOPPA). A website or app operator may violate CalOPPA by failing to post privacy policies or posting incomplete or inadequate policies. This new form is one of several initiatives Attorney General Harris is undertaking to protect Californians’ privacy, especially in light of technological advances and the growth of the “internet of things.”  The form is available at

“In the information age, companies doing business in California must take every step possible to be transparent with consumers and protect their privacy,” said Attorney General Harris. “As the devices we use each day become increasingly connected and more Americans live their lives online, it’s critical that we implement robust safeguards on what information is shared online and how. By harnessing the power of technology and public-private partnerships, California can continue to lead the nation on privacy protections and adapt as innovations emerge.”

In 2011, the Future of Privacy Forum (FPF) conducted a study which found that many mobile apps were missing privacy policies, prompting the Attorney General to secure a first-of-its-kind agreement with the leading mobile application platforms, including Apple, Google Play and Amazon, to improve compliance; this agreement was later expanded to include Facebook. As a part of her continued commitment to privacy, Attorney General Harris directed her office to conduct a five-year review on mobile app compliance with CalOPPA and commissioned the FPF to conduct a new study of the top 100 mobile apps.  In addition, the Attorney General’s office is collaborating with computer scientists at Carnegie Mellon University to review apps in the Google Play store for compliance with the law and consulting with privacy experts, designers, and researchers to assess the effectiveness of CalOPPA and the “Do Not Track” legislation, which was sponsored by Attorney General Harris.  

A new FPF study, released in August 2016, found that the number of apps with privacy policies has risen substantially since the 2012 Mobile App Agreement—up from 30% to 80%; but the study also highlighted a notable and persistent gap, particularly in health and fitness apps, which often collect sensitive personal information but are less likely than other apps to have a privacy policy. The CMU research revealed that some mobile apps employ data practices that are not properly disclosed in their privacy policies, especially as they pertain to information sharing with third parties. This research indicates that while much progress has been made, more needs to be done to ensure companies are protecting consumers’ privacy and employing transparent practices. 

In response to the analysis of CalOPPA compliance, Attorney General Harris is today launching an online tool allows consumers to “crowdsource” privacy policy violations, exponentially increasing the California Department of Justice’s ability to identify and notify those in violation of CalOPPA.  To use the tool, consumers who have identified an operator that may not be in compliance can simply visit to report the finding.    

The CalOPPA form is part of a multi-pronged approach to improve online privacy. The Attorney General’s office is also partnering with the Usable Privacy Policy Project at Carnegie Mellon University to develop a tool that will identify mobile apps that may be in violation of CalOPPA. The tool is designed to look for discrepancies between disclosures in a given privacy policy and the mobile app’s actual data collection and sharing practices (for example, a company might share personal information with third parties but doesn’t disclose that in its privacy policies).  This tool will help proactively identify and focus attention on policies that may require enforcement.

With the passage of CalOPPA in 2003, California became the first state in the nation to require commercial websites and online services to post privacy policies and the initiatives Attorney General Harris is leading will help strengthen California’s online privacy laws. Any operator in the world that collects personally identifiable information such as name, address, email address, phone number, or Social Security number from California consumers is required to comply. The privacy policy must include the categories of information collected, the types of the third parties with whom the operator may share that information, instructions regarding how the consumer can review and request changes to his or her information, and the effective date of the private policy. Assembly Bill 370, which Attorney General Harris sponsored, expanded this law in 2013 requiring privacy policies to include information on how the operator responds to ‘Do Not Track’ signals or similar mechanisms, as well as requiring privacy policies to state whether third parties can collect personally identifiable information about the site’s users. 

Attorney General Harris has a long track record of encouraging innovative and growth while protecting consumers’ privacy online. Earlier this week, she announced a new initiative—the California Cyber Crime Center—to help law enforcement fight crime in the digital era.  The center includes the California Department of Justice’s Privacy Enforcement and Protection Unit, which Attorney General Harris created in 2012. The Unit is responsible for enforcing state and federal privacy laws, providing Californians with information and strategies on how to protect their privacy, and encouraging businesses to follow best protection practices. Throughout her administration, the Attorney General has prosecuted and reached settlements with major corporations including Anthem Blue Cross, Citibank, Kaiser, Comcast, Houzz and Wells Fargo Bank for violating California’s privacy protection standards.  Attorney General Harris has also released numerous consumer alerts to help Californians, including alerts on how to adjust the location settings on your mobile phone and protect against identity theft, as well as consumer information sheets on a broad range of privacy issues.

Attorney General Harris is also strongly committed to data security, safeguarding consumers’ sensitive online information. In February, Attorney General Harris released a data breach report detailing the nature of reported breaches in the last four years, accompanied by recommendations for business and lawmakers including pointing to standards regarding “reasonable security” for protecting personally identifiable information. The office recently conducted a set of workshops for small businesses in conjunction with security experts from the Center for Internet Security.

Attorney General Issues Consumer Alert on Staying Safe While Having Fun with Pokémon Go

July 22, 2016
Contact: (916) 210-6000,

SACRAMENTO - Attorney General Kamala D. Harris today issued a consumer alert advising Californians to use care when playing location-based virtual games, such as the Pokémon Go treasure hunt app, just released this month.

Pokémon Go is an augmented reality application that generates a virtual treasure hunt taking place in the real world. Consumers of all ages, including minors, play it on their mobile devices. Using the forward-facing camera on a mobile device, players search for Pokémon characters in their vicinity, including at local parks, landmarks, and retail locations.

For Pokémon Go to work, a player must grant the app access or “permission” to his or her mobile device’s GPS function, location, and camera when downloading the app. To play and “capture” the virtual Pokémon creatures, the player must then go to physical locations, called “Pokéstops” or “gyms,” where other players may also be gathering.   

Consumers should be aware that the virtual experience in Pokémon Go can expose players to physical danger. For example, there have been reports of predators and thieves adding beacons or “Lure Modules” to Pokéstops to bait individuals playing the game to certain locations in order to steal from them. Recently in Southern California, two men were so distracted that they fell off a cliff while playing Pokémon Go, and another man playing the game alone late at night in a park in Anaheim was stabbed multiple times by a group of men when he was distracted.

The Attorney General offers consumers the following tips to help them better ensure their physical safety and protect sensitive location data while still having fun playing Pokémon Go:

  • Stop and think before you share your personal information with an app.
  • If you elect to download Pokémon Go and therefore allow the app access to the location function of your device, you should deactivate the app’s location access when you are not using it. This prevents Pokémon Go from “running in the background” and having access to your location when you are not playing.-On Android phones, review the permissions tab on app pages in Google Play store, which displays the information and features that the app can access on your phone.
    -On iPhones, review the permissions you have already granted by viewing Pokémon Go in iPhone Settings. Make sure you are operating the updated version of the app to protect the security of your mobile device and privacy of your data.
  • Consumers and parents should take the time to review the privacy settings on their mobile devices and the permissions within the app.
  • To prevent children from making in-app purchases – buying extra content and subscriptions once the app has been downloaded – parents can adjust the settings on their mobile device. For iPhones, turn off in-app purchases and for Android, set your phone to request a password before purchases can be made. For parents who do not want to create a Google account for their child, there is an option to create a Pokémon Trainer account. Parents also have the right to refuse collection, use, and/or disclosure of their child’s personal identifiable information by directly notifying the game’s developer, Niantic.
  • As you search for characters, remember that Pokémon Go is a game you play in public, with the public. As you play, be aware of your surroundings and the people around you. If possible, only go to a Pokéstop with a friend or partner. 
  • Parents and guardians should take extra care to know where children are going, when and with whom when they are playing the game.
  • Pokémon Go characters and locations are randomly generated and some real locations may be dangerous or unsafe for players to enter. Stay alert and always watch where you’re going – being distracted by a phone in your hand could make you a target for a crime or susceptible to injury. 
  • Don’t trespass onto private property and don’t go into areas that are unfamiliar or risky to your personal safety. 
  • Business owners and local leaders can play a role in community safety by determining if their business, park or landmark is a Pokéstop or gym. 
  • Don’t play Pokémon Go while you are operating a vehicle or riding a bike or skateboard.

The Attorney General has published a consumer information sheet that gives step-by-step instructions for better controlling your location privacy on iPhone and Android devices: Location, Location, Location Tips on Controlling Mobile Tracking

Also see Getting Smart About Smartphones: Tips for Consumers for general information on protecting privacy when using mobile devices.

Attorney General Kamala D. Harris Releases 2015 California Crime Reports

July 1, 2016
Contact: (916) 210-6000,

For the first time, Attorney General publishes the report’s raw data to encourage researchers to further analyze data to address issues in the criminal justice system

SACRAMENTO - Attorney General Kamala D. Harris today announced the release of four annual crime reports, which provide law enforcement agencies and the public with statewide data on crime statistics in their communities.

The reports released include:

The Attorney General is also making raw data from the Crime in California report easily and widely available in an effort to promote transparency and encourage researchers, academics and interested parties to further analyze the data. The information can be accessed via the Attorney General’s OpenJustice website, which shares key findings in its data stories and publishes raw data on its data portal from the California Department of Justice’s statewide repository of criminal justice datasets.    

This March, Attorney General Harris and Assemblymember Jacqui Irwin introduced Assembly Bill 2524, which would convert Crime in California and other criminal justice annual reports published by the California Department of Justice into a set of key findings, data visualizations, and downloadable digital datasets that will be updated quarterly on the Attorney General’s OpenJustice Web portal. 

Crime in California 2015 presents statewide statistics for reported crimes, arrests, dispositions of adult felony arrests, adults placed on probation, full-time criminal justice personnel, citizens’ complaints against peace officers, domestic violence related calls for assistance, and law enforcement officers killed or assaulted. Highlights for 2015:

  • The violent & property crime rates per 100,000 population increased from 2014 to 2015; the 2015 rates are 2.9% and 0.4%  lower than 2010 (respectively)
  • From 2010 to 2015, the robbery and aggravated assault rates decreased 13.2% and 1.1%, respectively  
  • The arrest rate decreased by 4.5% from 2014 to 2015; a total of 1,158,812 arrests in the state in 2015; the lowest since 1969 (1,212,845 arrests in 2014) 
  • Misdemeanor Driving Under the Influence arrests decreased for the fifth year in a row
  • Adult felony arrest rates decreased by approximately 29% (predominantly burglary and drug offenses) and adult misdemeanor rates increased by 10% (also predominantly burglary and drug offenses) most likely due to the reclassification of prop 47 crimes
  • There was an 8.1% increase in all aggravated assaults and 15.7% increase in aggravated assaults with a firearm from 2014 to 2015
  • Assaults on peace officers increased by 10% from 2014 to 2015

Homicides in California 2015 contains information related to homicide, including demographic data on victims, persons arrested for homicide, persons sentenced to death, peace officers feloniously killed in the line of duty, and justifiable homicides. Highlights from 2015:

  • The homicide rate increased in 2015 (from 4.4 to 4.8 per 100,000); a total of 1,861 homicides in the state 
  • Over the past decade the homicide rate ranged from a high of 6.9 in 2006 to last year’s low of 4.4
    • In 2015, 82.8% of homicide victims were male and 17.2% were female
    • The largest proportion of victims has consistently been Hispanic
    • There were 163 justifiable homicides reported in 2015, with 130 committed by a peace officer and 33 committed by a private citizen
    • Firearms are used in over 70% of homicides in 2015; there was a 9.2% increase in the number of homicides with a firearm compared to 2014 

Hate Crime in California 2015 reports statistics on hate crimes that occurred in California during 2015. Highlights from 2015:

  • Hate crime events increased 10.4% from 758 in 2014 to 837 in 2015; the vast majority of this increase is attributed to an uptick in events involving religious bias
  • Hate crime events involving a religious bias increased 49.6% from 127 in 2014 to 190 in 2015
  • Hate crime events with a sexual orientation bias are the second most common type of hate crime over the past 10 years (2006 – 2015)
  • The total number of hate crime events has decreased 35.9% from 1,306 in 2006 to 837 in 2015
  • Anti-Islamic (Muslim) bias events increased from 18 in 2014 to 40 in 2015; anti-Jewish bias events rose from 80 in 2014 to 97 in 2015.
  • Hate crime events targeting Hispanics increased 35% from 60 in 2014 to 81 in 2015.
  • Anti-black motivation hate crimes continue to the most common hate crime, accounting for 31.9% (3,443) of all hate crime events since 2006.

Juvenile Justice in California 2015 provides insight into the juvenile justice process by reporting the number of arrests, referrals to probation departments, petitions filed, and dispositions for juveniles tried in juvenile and adult courts. Highlights from 2015:

  • Juvenile arrests decreased for the seventh year in a row and are at the lowest levels ever
  • There were 71,923 juvenile arrests reported by law enforcement agencies in 2015, down 17% from 2014
  • In 2015 more than half of the juvenile (58.2%) arrests were for a misdemeanor offense and nearly a third (29.7%) were arrested for a felony offense  
  • Among those arrested in 2015, 53% were Hispanic/Latino, 22% were white, and 19% were Black 

A complete copy of the reports can be found here:

Attorney General Kamala D. Harris Files Lawsuit Against Pong Marketing & Promotions Inc. Over Illegal Gambling Devices

May 20, 2016
Contact: (916) 210-6000,

SACRAMENTO - Attorney General Kamala D. Harris today filed a lawsuit against Pong Marketing & Promotions Inc., a major sweepstakes gambling software provider, for illegal gambling in violation of state criminal and unfair competition laws.  In the suit, filed in Solano County Superior Court, Attorney General Harris seeks injunctive relief and penalties of approximately $10 million.

Pong, a company based in Canada, provided software to sweepstakes cafes throughout California.  These cafes operate as mini-casinos, offering interactive gambling-themed games on computer gambling devices, which they market to a predominantly vulnerable, low-income clientele.  The California Supreme Court ruled that these machines are illegal gambling devices in violation of California Penal Code section 330b.  Pong then abandoned its sweepstakes model, changing its software to a purported skill-based system, retaining the gambling devices and having players redeem cash prizes by executing the “skill” of clicking a mouse to stop a moving cursor before the time expires.

“When casinos are allowed to masquerade as cafes in our neighborhoods, it both deceives consumers and undermines public safety,” said Attorney General Harris. “Software providers who misrepresent their games as lawful must be held accountable for their role in facilitating criminal activity.  I thank our law enforcement partners across the state for their efforts to shut down these illegal gambling operations.”

Sweepstakes gambling enterprises are a major problem nationwide, estimated to earn over $10 billion a year.  In California, Attorney General Harris has pioneered the use of the Unfair Competition Law to provide stronger monetary remedies against these operators. 

The Attorney General’s office works in tandem with local law enforcement agencies across California as part of the Sweepstakes Gambling Task Force to dismantle illegal gambling operations. The Sweepstakes Gambling Task Force includes the California Attorney General’s Office, Contra Costa County District Attorney Mark A. Peterson, Fresno County District Attorney Lisa A. Smittcamp, Kern County District Attorney Lisa S. Green, Merced County District Attorney Larry Morse II, Riverside County District Attorney Michael A. Hestrin, Solano County District Attorney Krishna Abrams, San Diego County District Attorney Bonnie M. Dumanis, Sonoma County District Attorney Jill R. Ravitch, Tulare County District Attorney Tim Ward, and Los Angeles City Attorney Mike Feuer.

Attorney General Kamala D. Harris Announces Settlements Totaling $4.95 Million with LG, Hitachi, Panasonic, Toshiba and Samsung Over Price-Fixing Scheme

March 30, 2016
Contact: (916) 210-6000,

SAN FRANCISCO - Attorney General Kamala D. Harris today announced a preliminary approval of settlements resolving allegations that LG, Hitachi, Panasonic, Toshiba, and Samsung, companies all based in Japan or Korea, fixed prices on critical components of televisions and computer monitors from 1995 to 2007.  Those critical components, known as Cathode Ray Tubes or CRTs, were used to display images on computer monitors and televisions screens before they were replaced by flat screens. The court has approved the settlement pending valid objections submitted within 60 days.    

The companies’ price fixing scheme caused damage to California consumers and government entities that overpaid for their televisions and computers. The announced settlement has led to legally enforceable judgments against these foreign companies.

“LG, Hitachi, Panasonic, Toshiba, and Samsung deliberately targeted the U.S. market to raise prices for televisions and computers worldwide,” said Attorney General Harris. “These settlements bring justice and relief to California consumers and end the malicious practice of price-fixing by these companies.”

The settlements, which were filed in San Francisco Superior Court, require all five companies to pay a total of $4.95 million to settle claims of overcharges paid by California government entities, general damages suffered by the State’s economy, and civil penalties. The settlements require that the companies pay back the illegally obtained profits to those affected by their actions. In addition, the settlements include injunctive relief, which requires that each company engage in company-wide antitrust compliance training and reporting that involves products in addition to CRTs and extends to foreign companies and subsidiaries. Finally, the settlements include requirements, enforceable by the court via fines and imprisonment, to prevent future violations of antitrust law. 

In 2011, after the Office of Attorney General Harris conducted a confidential investigation into price-fixing involving CRTs, Attorney General Harris filed complaints against these companies for having entered into a price-fixing conspiracy of critical components of television and computer screens. That conspiracy involved top-level meetings of key executive decision-makers in Asia and Europe to set prices and outputs of CRTs.  It also involved worldwide meetings among lower-level executives to exchange confidential information.  Californian subsidiaries of these companies were involved in this conspiracy and took on the role of monitoring the prices of televisions and computers in California stores.

This case, filed by Attorney General Harris, requested the court award damages to California consumers. A parallel case filed by private counsel in federal court, known as the Indirect Purchaser Plaintiffs, also requested damages on behalf of Californians, and Attorney General Harris and the Indirect Purchaser Plaintiffs coordinated their discovery and settlement efforts.

Due to these coordinated efforts, California consumers or sole proprietorships that purchased at least one television or computer between 1995 and 2007 can make a claim, with a guaranteed minimum check of $25.

All eligible California consumers and sole proprietorships can file claims for reimbursement at The new deadline for filing those claims is June 30, 2016.

In December 2015, Attorney General Harris announced a settlement resolving allegations that Pratibha Syntex Ltd., a company based in India, gained an unfair competitive advantage over American-based companies by using pirated software in the production of clothing imported and sold in California. The settlement, which was filed in Los Angeles Superior Court, required Pratibha Syntex to pay $100,000 in restitution, prohibited Pratibha Syntex from using unlicensed software or reproducing any part of a copyrighted software program without the permission of the legitimate copyright holder, and required the company to perform four complete audits of the software on their computers and fix any violations within 45 days. That case marked the first time a state has secured a legally enforceable judgment against an international company for these types of violations. 

Copies of the complaint, memorandum in support of preliminary approval, and the order granting preliminary approval, are all attached to the online version of this release at  Further details can also be found at

Attorney General Kamala D. Harris Advises Californians to be Cautious of Scams during this Tax Season

March 28, 2016
Contact: (916) 210-6000,
SAN FRANCISCO — With Tax Day fast approaching on April 18, 2016, Attorney General Kamala D. Harris today issued a consumer alert, advising taxpayers to be wary of schemes targeting hardworking Californians during this tax season.  Each year, millions of California taxpayers file their taxes and many look forward to receiving tax refunds.  Unfortunately, tax season also draws scam artists who prey on individuals who may need help with filing their taxes.  This alert explains some of the most common tax season scams and provides resources to help Californians find reputable tax help.  In addition to this written alert, Attorney General Harris has also released the second in a “Consumer Spotlight” audio series highlighting consumer issues across the state.  This radio story focuses on Tax Season Scams and includes one Californian’s story about a tax impersonation scam, discussion of other common tax season concerns, and resources to find tax help.  Listen (Radio Story) 5:41


IRS Impersonation Scams One of the most common scams begins with an unsolicited call or email from a person claiming to represent the IRS.  Sometimes the caller will claim to have information about an unexpected tax refund.  Other “representatives” may demand immediate payment of a phony tax bill, threatening that the consumer will be sued or even arrested if she does not comply.  Consumers should hang up the phone or delete the email because the IRS does not initiate contact with taxpayers by telephone or email, nor does it demand immediate payment without first offering the taxpayer the opportunity to appeal.  Seniors and immigrants in particular may be targeted by these scams, and should exercise caution. Tax Preparation Scams Consumers should also be on the lookout for dishonest tax preparers.  Some deceptive preparers may falsify returns in order to claim an inflated refund, only to keep portions of the inflated refund for themselves.  Others may steal the taxpayer’s identity and use it to file a completely fraudulent return.  Finally, as the implementation of the Affordable Care Act continues, consumers should look out for a new scam in which tax preparers incorrectly tell consumers they owe a health coverage penalty that they must pay to the preparer.  Unnecessary High Cost Products Consumers should also steer clear of high-cost products that allow them to pay the cost of tax preparation out of their refund.  These Refund Transfers or Refund Anticipation Checks do not get consumers a faster refund and generally have triple-digit annual interest rates.  


While the overwhelming majority of tax professionals are honest, the tips below can help consumers avoid the deceitful ones.  Free tax preparation assistance is also available for seniors, the disabled, individuals whose first language is not English, and people with incomes under $54,000.  Individuals who qualify for free assistance should start by visiting the IRS website to find free tax prep help near you.  Those who do not qualify for free assistance should follow these tips when searching for a legitimate tax preparer.
  • Look for a tax preparer with a longstanding presence and trustworthy reputation in the community.
  • Always verify that the tax preparer is either registered with the state or exempt from registration because he or she is an attorney, a certified public accountant, or an IRS-enrolled agent.  Visit the California Tax Education Council’s website to check a preparer’s status and for more information about registration and exemption requirements.
  • Make certain the preparer has a valid IRS Preparer Tax Identification Number (PTIN).  Use the IRS Directory of Federal Tax Return Preparers to research tax professionals.
  • Beware of suggestions that a tax preparer will exploit hidden loopholes or uncover little-known deductions to obtain a bigger refund than the competition.  As a taxpayer you are responsible for the return that you file, so do not allow scammers to coax you into falsifying information.  If a promise seems too good to be true, it probably is.
  • Always review a tax return before signing it and watch out for suspicious signs like too many dependents claimed or tax credits that do not seem applicable or have not been clearly explained.  And never, ever sign a blank return.
  • Keep a copy of the return.  Honest preparers should provide copies of the return that may be needed for future reference or to answer questions from the IRS.
  • Review the IRS Tips on “How to Select an Income Tax Return Preparer.”  


  • Free tax assistance is widely available through the IRS Volunteer Income Tax Assistance (VITA) program for taxpayers with disabilities or limited English proficiency, as well as those with incomes under $54,000.  Visit the VITA website for more information
  • The Tax Counseling for the Elderly (TCE) program also offers free services focusing on issues affecting seniors.  Visit the TCE program website for more information. 
  • Visit the IRS website for more information on finding free tax help
  • Both the IRS and the Treasury Inspector General for Tax Administration  maintain informative websites with detailed information on the latest scams.
  • Consumers can report suspected tax scams to the Office of the Attorney General.  To submit a complaint, please use one of the following forms:
English: En Español: 中文: Tiếng Việt:

Attorney General Kamala D. Harris Introduces Legislation to Improve the Collection and Publication of Criminal Justice Data

March 21, 2016
Contact: (916) 210-6000,

SACRAMENTO – Attorney General Kamala D. Harris and Assemblymember Jacqui Irwin (D-Thousand Oaks) today unveiled legislation to modernize California’s collection and publication of criminal justice data. The OpenJustice Data Act builds on Attorney General Harris’s historic open data initiative, OpenJustice, to improve accountability and transparency in California’s criminal justice system.

“Data and technology have the power to dramatically increase transparency and accountability in our criminal justice system,” said Attorney General Harris. “This legislation will bring criminal justice data reporting into the 21st Century. I thank Assemblymember Irwin for standing with me to support the adoption of technology by law enforcement.”

Assembly Bill 2524 will convert Crime in California and other annual reports published by the California Department of Justice into digital data sets that will be published on the Attorney General’s OpenJustice Web portal.  These reports provide statistical summaries including numbers of arrests, complaints against peace officers, hate crime offenses, and law enforcement officers killed or assaulted. The OpenJustice Web portal will transform the way this information is presented to the public with interactive, accessible visualization tools, while making raw data available for public interest researchers.

"Right now we are sitting on mountains of valuable criminal justice data that local law enforcement work hard to provide in the public interest.  We need to make sure that this information is available to the public and that we are using it effectively.  AB 2524 is a common-sense measure that will help bring California into the 21st century,” said Assemblymember Irwin.

Additionally, AB 2524 will bring the state’s data collection into the 21st century by requiring local law enforcement agencies to submit all currently required statistical reports digitally.  Despite the fact that electronic reporting provides for more accurate and efficient data submission, approximately 60% of local law enforcement agencies still submit required data to the California Department of Justice (DOJ) on paper.  The OpenJustice Data Act will direct all agencies to transition to digital reporting, which will improve the quality and completeness of data, allow for more frequent updates to data contained within the OpenJustice Web portal, and ensure a much more efficient use of taxpayer resources in the long-term.

“I look forward to working with Attorney General Harris and Assemblymember Irwin to further advance our commonly shared goal of strengthening the relationships between law enforcement and the communities in which we live and serve.  Law enforcement leaders across California stand ready to ensure that the modernization of data reporting is feasible for even the smallest of police departments.  The alchemizing of this data will serve to better inform Californians about the crime our officers encounter every day and the subsequent actions taken,” said Oxnard Police Chief Jeri Williams.

Attorney General Harris first launched the OpenJustice initiative in 2015 as a mechanism for improving community trust in law enforcement, enhancing government accountability, and informing public policy. 

Last month, the Attorney General announced the release of OpenJustice 1.1, which enriched the Web portal’s initial data sets with city, county, and state level context including population and demographic information, unemployment rates, poverty rates, and educational attainment levels.  In addition to providing greater transparency, this information enables policymakers to craft informed, data-driven public policy.

Attorney General Harris has announced that the Department of Justice will augment the OpenJustice Web portal with new criminal justice datasets created through recent legislation, including reports on racial and identity profiling (AB 953, Weber) and officer and civilian-involved uses of force (AB 71, Rodriguez). 

Attorney General Harris has also taken several steps to strengthen the trust between law enforcement and California communities.  She directed a 90-day Review of her Division of Law Enforcement’s policies on use of force and implicit bias, convened the state’s law enforcement leaders to share best practices through her 21st Century Policing Working Group, created the first POST-certified course on Procedural Justice and Implicit Bias in the U.S., and developed a pilot for body-worn cameras for DOJ Special Agents.

Attorney General Kamala D. Harris Issues Consumer Alert Warning California Businesses to be Aware of Phishing Scams Targeting the Workplace

March 18, 2016
Contact: (916) 210-6000,

SAN FRANCISCO - Attorney General Kamala D. Harris today issued a consumer alert warning California businesses to be aware of phishing scams that target the workplace and can lead to data breaches and loss of funds. The scam is commonly called “brand spoofing” or “phishing” because the spam mail sent uses familiar or legitimate-sounding names of companies to trick consumers into disclosing confidential personal information. In the last few weeks, the California Department of Justice has received notifications of data breaches from California companies that have fallen victim to this type of scam. 

Complaints and reports describe cybercriminals sending fake emails to businesses in an attempt to trick employees into handing over critical data and in some instances money.  Based on recent attacks, these phishing emails will falsely appear to be coming from an executive within the business and will be sent to employees that have access to sensitive data and finances.  For example, an email that looks like it is being sent from an executive may direct an employee in the finance department to transfer money to an account outside the country or an email sent to an HR manager may ask for all employee W2 forms to be sent to a fake CEO email address.

When employees respond to such emails, they may be facilitating a data breach that puts their co-workers or others at risk of identity theft and subjects their company to significant monetary and reputational costs.

The FBI has issued a public service announcement warning about business email compromise, and the Identity Theft Resources Center and security experts have also warned about this type of scam.

There are measures businesses can take to reduce the risk of falling victim to such scams.  In the latest California Data Breach Report, issued last month, the Attorney General‘s office discussed minimum reasonable security controls that businesses should implement, including some that address phishing.

Tips on Combatting Phishing in the Workplace

  • Educate employees on phishing, focusing on the types of data likely to be targeted in individual job roles.
  • Control access to sensitive data and systems with a “need-to-know” and “least privilege” policy.
  • Implement multi-layered network boundary defenses that can detect anomalies in inbound and outbound traffic.
  • Use two-factor authentication to confirm requests to transfer funds (such as phone verification of an email request – to a pre-established number, not one provided in the email).
  • Implement malware defenses, to protect against malicious software delivered by phishing emails (and other vectors).
  • “Whitelist” software that is authorized to run on your network, and prevent execution of all others.

For More Information

California Attorney General’s California Data Breach Report (February 2016)

FBI on Business Email Compromise (August 2015)

Identity Theft Resources Center on CEO Phishing (March 2016)

Krebs on Security, Phishers Spoof CEO, Request W2 Forms (Feb. 2016). 

Attorney General Kamala D. Harris Releases OpenJustice v1.1

February 17, 2016
Contact: (916) 210-6000,

LOS ANGELES - Attorney General Kamala D. Harris today announced the release of OpenJustice v1.1, the next version of her criminal justice transparency initiative, which seeks to make public an unprecedented amount of data in easy-to-use and digestible ways so that we can hold ourselves accountable and improve public policy to make California safer. The OpenJustice v1.1 rollout includes new features focused on allowing Californians to better understand how the criminal justice system is working in their specific communities.

Now at a city, county, and state level, the OpenJustice Dashboard shows crime, clearance, and arrest rates, as well as arrest-related deaths, deaths in custody, and law enforcement officers killed or assaulted. Because public safety is also impacted by many societal factors outside of law enforcement, the Dashboard incorporates important contextual data such as population and demographic information, unemployment rates, poverty rates, and educational attainment levels. Through interactive maps, charts and tools, everyone – from communities to law enforcement to policymakers – will be able to identify where our system is doing well to promote public safety and equity in the justice system, and in what areas we must continue to improve.

“OpenJustice adds accountability and transparency to California’s criminal justice system – helping to rebuild the trust between law enforcement and the communities we are sworn to protect,” said Attorney General Harris. “This data helps clarify a simple truth: too many boys and young men of color are being arrested and killed by police. By releasing vast amounts of criminal justice data, OpenJustice v1.1 adds numbers and facts to the national debate on police-community relations. Law enforcement agencies across the nation should embrace data-driven policy changes to improve our criminal justice system and make our streets safer.”

In September 2015, Attorney General Harris launched OpenJustice by publishing three data sets at a statewide level, and committing to continue to release additional criminal justice data collected by the California Department of Justice. OpenJustice v1.1 delivers on that promise by releasing new data and at a more detailed level.

For each data set, anyone can use the Dashboard to look at overall trends, and also sort by race, gender, and age to better understand how different demographic groups are impacted by the justice system. The updated site also enables users to see the types of crimes (violent and property) and arrests (felonies and misdemeanors) across jurisdictions, compared to the California and national averages, and over time. In addition, the site continues to highlight the real danger that law enforcement personnel face everyday to keep our communities safe.

The OpenJustice initiative builds on Attorney General Kamala D. Harris’s leadership by deploying 21st century “Smart on Crime” approaches to improve public safety.  As California’s chief law enforcement officer, Attorney General Harris has worked to introduce new technology to the Department of Justice and law enforcement agencies across the state.  She has also championed the use of data to measure outcomes in public education and understand their impact on the criminal justice system.

In addition to OpenJustice, Attorney General Harris has also taken several steps to strengthen the trust between law enforcement and California communities. She directed a 90-day Review of her Division of Law Enforcement’s policies on use of force and implicit bias, convened the state’s law enforcement leaders to share best practices through her 21st Century Policing Working Group, created the first POST-certified course on Procedural Justice and Implicit Bias in the U.S., and developed a pilot program to test body-worn cameras within the Department of Justice.

The OpenJustice Dashboard will continue to spotlight metrics from across the justice system and a broad array of data sets will be released to foster accountability and trust. This tool will enable researchers, civic coders, journalists, and policymakers to help tackle seemingly intractable problems in the criminal justice system. 

To view all of the data released today, visit OpenJustice (

Attorney General Kamala D. Harris Releases Data Breach Report; Over 49 Million Records of Californians’ Personal Information Put at Risk in Last Four Years

February 16, 2016
Contact: (916) 210-6000,
SAN FRANCISCO – Attorney General Kamala D. Harris today addressed the Stanford Cyber Initiative to release a comprehensive report detailing the nature of data breaches reported to her office over the past four years.  The report found that between 2012 and 2015, there were 657 data breaches, which compromised over 49 million records of Californians’ personal information.   The report is accompanied by recommendations from the Attorney General for organizations, businesses and lawmakers on how to protect against data breaches, and points to a specific set of actions that companies and organizations should start with to meet the state and federal mandates of reasonable security. Last year, 178 breaches placed 24 million records of Californians at risk.  This means that as many as three in five Californians may have been victims of a data breach in 2015 alone. “Government and the private sector have a shared responsibility to safeguard consumers from threats to their privacy, finances, and personal security,” said Attorney General Harris.  “California is leading the nation with measures to prevent data breaches, but we can do better.  This report clearly articulates basic steps that businesses and organizations must take to comply with the law, reduce data breaches, and better protect the public and our national security.” The report includes information on the most common types of data breached, explains what types of breaches different industry sectors were most susceptible to, and provides recommendations to reduce the frequency and impact of future breaches.

Types of Data Breached 

  • Social Security numbers, payment card data, and medical information were the top three types of data breached over the past four years.

Industry Sectors 

  • The retail sector has been the most vulnerable industry, accounting for 24% of breaches and 42% of records breached in the past four years.
  • The financial sector accounts for the second largest share of breaches at 18%, and 26% of records breached. Social Security numbers are the most common data breached in this sector.
  • The healthcare industry accounts for 16% of breaches, and continues to be particularly vulnerable to physical breaches.
  • Small businesses represent 15% of all reported breaches.

Recommendations for Organizations

  • Adopt the Center for Internet Security’s Critical Security Controls as the start of a comprehensive information security program, since not doing so would be indicative of a failure to provide reasonable security.
  • Make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information.  This procedure provides greater protection than the username-and-password combination typically used for online shopping accounts, health care websites and patient portals, and web-based email accounts.
  • Consistently use strong encryption to protect personal information on laptops and other portable devices, and consider using it for desktop computers.  This is particularly important for health care, which appears to be lagging behind other sectors in this area.
  • Encourage individuals affected by a breach of Social Security numbers or driver’s license numbers to place a fraud alert on their credit files.  This measure is free, fast, and effective in preventing identity thieves from opening new credit accounts.

Recommendations for State Policy Makers

  • Collaborate to harmonize state breach laws on key dimensions.  Such an effort could reduce the compliance burden for companies, while preserving innovation, maintaining consumer protections, and retaining jurisdictional expertise.

As data threats evolve, California must remain at the forefront of identifying and implementing creative and effective ways to fend off attackers.  In 2004, California passed its information security statute (AB 1950, Wiggins), which requires businesses that collect personal information to use “reasonable security practices and procedures.” In 2003, California became the first state to mandate data breach notification, requiring businesses and state agencies to inform consumers when a security breach compromises their personal information (AB 700, Simitian). As of 2012, any breach involving more than 500 Californians must be reported to the Attorney General’s Office (SB 24, Simitian).

Attorney General Harris has invested the best talent and resources of the California Department of Justice into the fight for cyber security.  In 2011, she created the eCrime Unit, which is tasked with investigating and prosecuting large-scale identity theft, technology crimes, and crimes that target electronic devices, networks, or intellectual property.  In 2012, Attorney General Harris established the Privacy Enforcement and Protection Unit to enforce and regulate state and federal laws regulating the collection, retention, disclosure, and destruction of personal information, as well as to educate organizations and consumers on privacy responsibilities and rights.

Furthermore, a number of recommendations from Attorney General Harris’s previous data breach reports have been enacted into law.  SB 46 (Corbett), which took effect in January 2014, added online account credentials to the list of personal data covered under SB 24 (Simitian).  In 2014, AB 1710 (Dickinson) was enacted, requiring the source of a breach of such data to offer identity theft prevention or mitigation services at no cost to the affected person and for no less than 12 months.  The law took effect in January 2015.  In 2015, SB 570 (Jackson) amended the breach law to require the use of a format for breach notices that makes them easier to understand. It took effect in January 2016.

View the full California Data Breach Report February 2016.