California Attorney General Kamala Harris has released a 28-page set of recommendations for businesses in order to comply with the California Online Privacy Protection Act (CalOPPA).
The directives are essentially “best practices” that are intended to help business “create clear and transparent privacy policies that reflect the state’s privacy laws and allow consumers to make informed decisions.” The policies are intended to change common practices among website operators to post lengthy privacy policies but fail to actually notify users about how their information is collected and used.
Some of the key recommendations from the guide are as follows:
- Simple. Using straightforward language that avoids legal jargon and is in a format that is readable.
- Personally Identifiable Information. Make sure you explain how you collect and use personally identifiable information beyond what is necessary to satisfy completion of the customer’s purchase or provision of the services you provide online. If the information is shared with third parties, provide links to those thid-party websites.
- Third-Party Tracking. State whether third parties are collecting any personally identifiable information about the individuals visiting your site or service.
- Choice. Ensure that you are giving the consumer a choice regarding the collection, use, and sharing of their personal information.
“Personally identifiable information” includes the following:
- A first and last name.
- A home or other physical address, including street name and name of a city or town.
- An e-mail address.
- A telephone number.
- A social security number.
- Any other identifier that permits the physical or online contacting of a specific individual.
- Information concerning a user that the web site or online service collects online from the user and maintains in personally identifiable form in combination with an identifier described in this subdivision.
Axis Legal Counsel represents clients in numerous types of privacy violations, including HIPAA/medical information violations, violations by doctors, medical care providers, schools, and employers, data breaches, violations of financial information, violations of name, likeness, and image, right of publicity claims, online / internet privacy violations, and numerous others. To contact us, please call (213) 403-0130 or email email@example.com for a confidential consultation.