- Categories of personally identifiable information collected through the site or service about users or visitors;
- Categories of third parties with whom the operator may share the personally identifiable information;
- Description of process for a user or visitor to review and request changes to his or her personally identifiable information;
Personally identifiable information (PII) is defined broadly in the law as information about a consumer collected online and maintained by the operator in an accessible form. The types of information considered personally identifiable include the following:
• A first and last name
• A home or other physical address
• An email address
• A telephone number
• A social security number
• Any other identifier that permits the physical or online contacting of a specific individual
• Combinations of identifiers
The attorney general, Kamala D. Harris, makes recommendations in the guide to help companies comply with the new law.
The newest updated to the law that went into effect on January 1st add the following requirements for Privacy Notices:
- Disclose how the operator responds to Web browser “do not track” signals and requests
- Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites
The attorney generals office will begin to review privacy policies and provide companies 30-day warning to comply with the new laws.
- Recent New York Times article indicates that we’re that today virtually no site yet respects “do not track” requests coming from web browsers.
- California Mobile Privacy Recommendations
- California Business and Professional Code