How New CA Privacy Law Affects You (Plus 3 Potential Hot Spots)
How are you notifying visitors to your Web site about the information you collect from them when they visit or register? If it’s with a privacy policy that you’ve buried on an inside page or with a teeny-tiny little link or icon, you’re violation a new California privacy law.
If a California resident accuses you of violating the law, which extends current state privacy law to cover Web sites and online services, you get 30 days to fix the problem. If you don’t, that resident could sue you.
The Online Privacy Protection Act of 2003 requires any Web site operator who collects “personally identifying information” from California residents to have a clearly marked and accessible privacy policy, which meets four conditions:
Condition 1: List all the categories of personal information you collect at your site and whom you share that information with.
(“Personal information” is full name, address, email address, phone, Social Security number, anything else that would let you reach an individual and anything you collect in a cookie or other online device.
Condition 2: Explain whether and how visitors can review and change their personal information.
Condition 3: Explain how you notify users that you have changed your privacy policy.
Condition 4: Post the policy’s effective date.
You also can’t bury your privacy policy on an interior page unless you link to it with an eye-catching icon or text link whose type size is larger than the rest of the copy on the page.
Esteemed ContentBiz Publisher Anne Holland also found three vague areas in the law, too:
Grey Area #1. Email programs
Check with your own legal advisers if the term “online service” equals your emails to house lists. We suspect it does. So, you may have to make your privacy link much more conspicuous there.
Grey Area #2. Landing pages
Also, check with legal to see if you should assume the Act extends to campaign microsites and landing pages which may not be obviously part of your main site. We suspect it may, and this means you’ll need to change your privacy policies there, too.
Grey Area #3. Third-party-hosted registration forms
If you collect any consumer data using third-party services such as a co-registration deal, an online lead generation service, or a co-branded marketing presence, check with legal to see if you need to fret about your partner’s privacy links and statements. We suspect you do.
You can read the law here (go ahead and check it out; it’s short and written in what to bureaucrats is plain English):
http://www.leginfo.ca.gov/pub/bill/asm/
ab_0051-0100/ab_68_bill_20031012_chaptered.pdf
Categories: Uncategorized