Delta, which was warned in October, could face a penalty of $2,500 for each time its Fly Delta application has been downloaded California’s attorney general has sued Delta Air Lines for failing to include a privacy policy within the company’s mobile application, an alleged violation of the state’s Online Privacy Protection Act. The lawsuit, filed in Superior Court of San Francisco on Thursday, marks the first time the state has taken legal action to enforce the privacy law, which was enacted in 2004, according to a news release from Attorney General Kamala D. Harris. Delta also violates California’s Unfair Competition Law, the lawsuit alleged.Since 2010, Delta has distributed a mobile application called “Fly Delta” that allows people to manage their bookings, according to the suit. The application collects information such as a person’s name, phone number, birth date, email address, frequent flyer account number and pin code, photo and geo-location data. It is alleged in the lawsuit that Delta customers do not know how their data is collected or used by the airline.Delta could face a penalty of US$2,500 for each time a non-compliant mobile application is downloaded, the attorney general’s office said. The application has been downloaded millions of times from Google’s Play and Apple’s iTunes application markets, according to the lawsuit. Delta, which has its headquarters in Atlanta, could not be immediately reached for comment.Harris had been aggressive in pushing companies to comply with the law. Earlier this year, she created the Department of Justice’s Privacy Enforcement and Protection Unit, which is charged with enforcing the Online Privacy Protection Act, federal privacy laws and those relating to personal data and data breaches. In February, Harris reached an agreement with Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion to ensure applications hosted on their platforms have conspicuous privacy policies. In June, Facebook also signed an agreement committing to a privacy policy.In October, Harris warned companies and developers of the 100 most popular applications that did not have a privacy policy, including Delta.Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe