The California Online Privacy Protection Act (CalOPPA)
California Business and Professions Code 22575
Here is a partial list of the legal requirements from the California Business and Professions Code 22575:
(A) Includes the word “privacy.”
(B) Is written in capital letters equal to or greater in size than the surrounding text.
(C) Is written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language.
(4) Any other functional hyperlink that is so displayed that a reasonable person would notice it.
Law AB 370 amended to the California Business and Professions Code
This bill AB 370 would require an operator to disclose how it responds to “do not track” signals or other mechanisms that provide consumers a choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across different Web sites or online services. The bill would require the operator to disclose whether other parties may collect personally identifiable information when a consumer uses the operator’s Web site or service.
Other State Laws That Affect Website Privacy Policies
The Delaware Online Privacy and Protection Act
Nebraska Stat. § 87-302(14)
Pennsylvania 18 Pa. C.S.A. § 4107(a)(10)
Global Privacy Laws
Most websites are accessible worldwide; you are obliged to obey the privacy laws of the countries where your website is accessible to customers and visitors of those countries, even if you do not live there. As an example: if you live and operate a website in the U.S., you are required to obey the privacy laws of Australia, the United Kingdom, European Union, Canada and other countries that have privacy laws if visitors and users in those countries can interact and use your website.
The Personal Information Protection and Electronic Documents Act PIPEDA, is the Canadian law that governs privacy rights and regulations. This Act is also called the Digital Privacy Act. In June of 2015, the Digital Privacy Act (DPA) officially became law in Canada.
Like other countries, there is a similar theme with Canadian privacy laws that govern websites that collect any type of personal information.
Australian privacy laws commonly relate to the protection of an individual’s personal information.
Personal information is defined as information or an opinion about an identified individual, or an individual who is reasonably identifiable. Common examples are an individual’s name, address, telephone number, signature date of birth, bank account information, medical records, details and commentary or opinion about a person.
Other Laws You May Not Know About That Could Affect You
Section 17538(d) states that in any transaction involving a buyer located in California, a vendor, before accepting any payment, must disclose to the buyer in writing or by electronic communication (e.g. e-mail or on-screen notice): (1) the vendor’s return and refund policy; (2) the legal name of the vendor; and (3) the complete street address from which the vendor’s business is conducted.
(d) A vendor conducting business through the Internet or any other electronic means of communication shall do all of the following when the transaction involves a buyer located in this state:
(1) Before accepting any payment or processing any debit or credit charge or funds transfer, the vendor shall disclose to the buyer in writing or by electronic means of communication, such as e-mail or an on-screen notice, the vendor’s return and refund policy, the legal name under which the business is conducted and, except as provided in paragraph (3), the complete street address from which the business is actually conducted.
(2) If the disclosure of the vendor’s legal name and address information required by this subdivision is made by on-screen notice, all of the following shall apply:
(A) The disclosure of the legal name and address information shall appear on any of the following: (i) the first screen displayed when the vendor’s electronic site is accessed, (ii) on the screen on which goods or services are first offered, (iii) on the screen on which a buyer may place the order for goods or services, (iv) on the screen on which the buyer may enter payment information, such as a credit card account number.
Click here to download the free privacy guidelines from the California Attorney General.
The California Attorney General has put online operators on notice that it will pursue enforcement against those who do not comply with the law. Those who do not comply with the law could be subject to a $2,500 fine per incident. Enforcement actions vary from country-to-country. However, there is a common theme; fines.
This list of privacy laws that affect website owners is by no means complete.