The Internet’s New $2,500 Traffic Ticket

James Chiodo, Certified Information Privacy Professional CIPP/US

California’s new 2014 laws catch website and blog owners off-guard

Non-compliance with the California’s new law will subject website and blog owners to a $2,500 fine per incident, even if they live in another state.

Recent changes in California law that took effect January 1, 2014 has made it required for website and blog operators to update their privacy policy, or else they risk being in violation of the law.

The new California law A.B. 370 will require them to disclose how they respond to “Do Not Track” signals. The new law does not require the website or blog operator to obey the “Do Not Track” signals. However, the new law does require them to disclose how they treat these “Do Not Track” signals. Specifically, whether they will or will not obey the “Do Not Track” signals.

In addition, the privacy policies of website and blog owners are required to do the following:

(1) Identify the types of personally identifiable information the operator collects through the website or online service about individual consumers who use or visit its commercial website, online service and the categories of third-party persons or entities with which the operator may share that personally identifiable information.

(2) Maintain a process for a consumer who uses or visits its commercial website, blog or online service to review and request changes to any of his or her personally identifiable information that is collected through the website or online service, and provide a description of that process.

(3) Describe the process by which the operator notifies consumers who use or visit its commercial website or online service of material changes to the operator’s privacy policy for that website or online service.

(4) Identify the date their privacy policy becomes effective.

(5) Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different websites when a consumer uses the operator’s website or service.

This new California law has a very long reach; it can apply even if the website or blog owner lives in another state.

The California Attorney General’s office said initially, they would issue a warning to those in violation and give 30 days to comply with the new law before issuing a $2,500 fine.

However, after recently forming a Privacy Enforcement and Protection Unit, one wonders how long they will issue warnings at California’s expense before they take the more profitable route and simply forgo the 30-day warning and issue the $2500 fine.

For now, it appears, they intend to send out a warning notice to those online websites and blogs that are not in compliance with the new law to give them a chance to comply with the new law.

With the entire buzz about the new law, many online operators are unaware of California’s existing law; the “California Online Protection Act” that requires website and blog operators who collect (“PII’”) personally identifiable information from California residents who purchase from or visit their website to post a privacy policy in a clear and conspicuous spot on their website or blog.

It is very clear that state and federal laws governing online privacy policies and disclosures will see stronger enforcement actions beginning 2014.

If you need an attorney-drafted privacy policy to help comply with the new laws visit


New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More