On January 1st of 2014, Assembly Bill 370 (AB 370) took effect in the state of California, amending the California Online Privacy Protection Act (CalOPPA), a law which requires that website operators make certain disclosures to visitors about their privacy policies. Below is some information about the existing law and how it was changed by the amendment. For more specific information regarding the law and how it may apply to your website, call Claire Kalia today.

How did AB 370 change the existing requirements of CalOPPA?

CalOPPA was the first legislation of its kind in the United States and provided consumers with fairly robust privacy protections even prior to these amendments. The original version of the law required that any website that collects visitors’ personal information conspicuously posts a privacy policy that:

  • Identify the categories of personally identifiable information that the site collects and the categories of third-party persons or entities with whom the information may be shared
  • Provide a description of the process through which a visitor could request changes to the information collected, if such a process exists
  • Provide a description of how the website’s operator will notify consumers who visit the site about material changes to the privacy policy
  • Identify the effective date of the privacy policy

The new amendments to the law require that website owners disclose how the website responds to “Do Not Track” signals and whether the site shares personally identifiable information over time and across sites with third parties.

How can business owners ensure that their website complies with CalOPPA?

According to guidance issued by the California Attorney General’s Office, companies can comply with these new requirements by either describing how the website responds to Do Not Track signals or by providing visitors with a clear and conspicuous link to a Do Not Track mechanism to which the website’s operator will respond. Of these two options, the guidance document explains that the first is preferable, as it provides greater transparency regarding the company’s Do Not Track policy than simply providing a link.

Contact a Silicon Valley small business attorney for a review of your website’s privacy policies

Noncompliance with the requirements of CalOPPA could cost a business a significant amount of money and has the potential to result in the loss of goodwill from potential customers. For this reason, it is important for business owners who engage in data collection to discuss their online practices with an experienced lawyer. To schedule a consultation with California small business attorney Claire Kalia, call our office today at 650-701-7617 or send us an email through our online contact form.

- Claire Kalia


Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.