CalOPPA. Privacy.
Did you know that California has one of the strictest set of privacy laws in the country…even more so than the federal government? California’s privacy and data security laws are extensive and stringent, designed to protect consumers. There are many laws which make up California’s bundle of privacy and data security laws. Today, this post will focus on The California Online Privacy Protection Act (CalOPPA).
Did you also know that when government rolls back regulation, that lack of, or dilution of regulation negatively impacts your privacy, allowing companies to do whatever they feel like doing—at your expense? Fortunately for those of us who live in California, we have a state that takes the protection of our privacy seriously. Does your state?
Here is what you should know if you are doing business in California or even thinking about collecting personal information from California residents.
Among other things, CalOPPA requires a privacy policy of anyone who operates a commercial website or operates any online service that collects personally identifiable information (PII) of a California resident. For example, if you operate a website for business of any kind or market through your website you must conspicuously post your privacy policy. It does not matter if you live in another state. If you collect information from California residents, you must comply. This applies to mobile applications as well as websites.
PII includes, but is not limited to:
- First and last name.
- Home address or other physical address.
- Email address.
- Telephone, fax, cell, Skype, or VOIP number.
- Social Security number.
- Anything else that allows you to identify a specific individual.
- Information concerning a user that the website or online service collects online from the user and maintains in personally identifiable form, combined with one of the other elements.
Privacy Policy Requirements.
CalOPPA requires that the privacy policy:
- Identify the categories of PII that the website or online service collects.
- Identify the categories of any 3rd party with whom the PII is shared.
- Describe the process consumers must go through to review and request changes to PII the website or online service collects.
- Describe the process used to notify consumers of any modifications to the privacy policy.
- Provide the policy’s effective date.
The California Attorney General has an online form where anyone can report a business that does not have a proper privacy policy that complies with the rules of CalOPPA. Here consumers can report websites, apps, and other online services that violate CalOPPA by failing to post adequate privacy policies or keep the commitments that they make in those privacy policies.
Sometimes folks upload template policies that they find online. Not a smart move unless the policy has been vetted by a competent attorney who understands California’s privacy laws. Take this seriously or pay later.
I’m attorney Francine Ward helping you stay safe. Join my conversation on my Facebook Law Page, my Twitter Law page, my Google+ page, or in one of my LinkedIn discussion groups. Until next time …
