In the current age of technology and necessary online presence, most businesses need a website to survive. If your business does run a website, you must ask yourself this question: do you need a privacy policy?Unless your website is non-interactive, such as a blog, the answer will be “yes.”
The California Online Privacy Protection Act applies to any person or company whose website or mobile application collects “personally identifiable information”from California consumers. It requires the website to feature a conspicuous privacy policy stating what information is collected and with whom it will be shared. The law also requires that the operator of the website complies with the listed privacy policy. If an operator fails to do so, they could be at risk of civil litigation. An experienced business lawyer in Los Angeles can assist you in ensuring that you and your website are compliant with the Act.
Does the Act apply to you?
As stated above, you must comply if your website or application collects “personally identifiable information.” This means any individually identifiable information, including a user’s name, email address, physical address, phone number, social security number, or any other identifiers that could permit the user to be contacted either physically or online.
Requirements of the Privacy Policy
If determined that your website or application does collect “personally identifiable information,” you will need to ensure that you are compliant with the requirements. In order for a privacy policy to be compliant with the law, it must:
- Be conspicuously posted on the website (either the policy itself or a conspicuous link to the policy);
- Identify the effective date of the privacy policy;
- Contain a list of the categories of personally identifiable information collected;
- Contain a list of the categories of third parties with whom the operator may share such personally identifiable information;
- Contain a description of the process- if any exists- by which the consumer can review and request changes to the personally identifiable information collected; and
- Contain a description of the process by which the operator notifies consumers of any material changes to the privacy policy.
Additionally, a 2013 Amendment to the California Online Privacy Protection Act requires new privacy policy disclosures for websites and online services’ tracking of visitors, defined as “the monitoring of an individual across multiple websites to build a profile of behavior and interests.”
Under this Amendment, privacy policies for websites or applications are required to:
- Disclose how the website responds to Do Not Track signals from web browsers;
- Disclose whether third parties may collect visitors’ personally identifiable information on a website;
and
- Provide a conspicuous hyperlink within the privacy policy to an “online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.”
Risks of Noncompliance
Although the Privacy Act does not contain enforcement provisions, it is expected that it will be enforced through California’s Unfair Competition Law. Furthermore noncompliant operators could also be susceptible to actions by the Federal Trade Commission, which may bring enforcement against those operators whose posted privacy policy is deceptive.
An experienced and reputable business attorney such as Afshin Hakim of Hakim Law Group can help ensure that your privacy policy is compliant with all regulations. To schedule an appointment please contact HLG at (424) 299-8913 or visit www.HakimLawGroup.com for further information.