California Online Privacy Policy Guidelines

On Wednesday, May 21st, the California Attorney General published recommendations to support companies in their work to provide privacy policy statements that are meaningful to consumers.

Guidance: Making your Privacy Practices Public: Recommendations on Developing a Meaningful Privacy Policy

The California Online Privacy Protection Act of 2003 (CalOPPA) requires operators of commercial web sites and online services to conspicuously post a privacy policy and to comply with it.

As originally enacted, the law imposes requirements for what must be included in a privacy policy:

  • Categories of personally identifiable information collected through the site or service about users or visitors;
  • Categories of third parties with whom the operator may share the personally identifiable information;
  • Description of process for a user or visitor to review and request changes to his or her personally identifiable information;
  • Description of process for notifying users and visitors of material changes to the privacy policy; and
  • Effective date of the privacy policy

Personally identifiable information (PII) is defined broadly in the law as information about a consumer collected online and maintained by the operator in an accessible form.  The types of information considered personally identifiable include the following:

• A first and last name
• A home or other physical address
• An email address
• A telephone number
• A social security number
• Any other identifier that permits the physical or online contacting of a specific individual
• Combinations of identifiers

The attorney general, Kamala D. Harris, makes recommendations in the guide to help companies comply with the new law.

The newest updates to the law, which went into effect on January 1st, add the following requirements for Privacy Notices:

  • Disclose how the operator responds to Web browser “do not track” signals and requests
  • Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites

The Attorney General's office will begin to review privacy policies and provide companies a 30-day warning to comply with the new laws.

