California Privacy Laws Concern Website Owners

James Chiodo, Certified Information Privacy Professional CIPP/US

California’s $2,500 Internet Privacy Ticket

Changes in privacy laws that became effective January 1, 2014 require that website operators update their privacy policies or risk violating California privacy laws. Not complying with California’s new law can subject website and blog owners to a $2,500 fine per incident. This new law applies to mobile app developers as well.

California law, A.B. 370, requires that website and blog operators disclose how they respond to web browsers “Do Not Track” signals. The new law does not require that a website operator obey the “Do Not Track” signals. However, the new law does require the website operator to disclose how it will treat those signals (whether it will or will not obey the “Do Not Track” signals). In addition, the privacy policies of website and blog owners must include other required disclosures and information.

The California Attorney General’s office said that it would issue warnings to violators, giving them 30 days to comply with the new law before receiving a $2,500 fine. However, in light of the recent formation of the Privacy Enforcement and Protection Unit, one wonders how long the Attorney General’s office will issue warnings before simply issuing the $2,500 fine.

There’s More…

Violating California Business and Professions Code § 17538 is a misdemeanor punishable by up to 6 months in jail and/or fines of up to $1000.

With the buzz surrounding the new “Do Not Track Law”, many online operators remain unaware of a California existing law: The Business and Professions Code § 17538 requirements for website owners disclosing information to customers located in California.

Here is just some of the information website and blog owners are required to disclose to a buyer located in California.

(1) The vendor’s return and refund policy.
(2) The legal name under which the business is conducted.
(3) The complete street address from which the business is actually conducted.
(4) The vendor shall provide required disclosure information to the buyer at the buyer’s E-mail address within five days of receiving the buyer’s request.

This is just the tip of the legal iceberg for website owners. The FTC and other regulatory agencies have their own legal requirements and enforcement actions.

If there’s one thing you can take away from all this, it is this: California and federal agencies are beginning to aggressively enforce state and federal laws governing online privacy policies and disclosures.


New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More