What is the Privacy Policy Requirement according to CalOPPA?
California’s law requires operators of commercial web sites or online services that collect personal information, which is defined as “information such as the consumer’s name, physical address, email address, telephone number, social security number, and any other identifying information that can be used to contact the consumer physically or online,” on California residents through a website or mobile app to conspicuously post a privacy policy on the site and to comply with its policy. The privacy policy must, among other things, identify the categories of personally identifiable information collected about site visitors and the categories of third parties with whom the operator may share the information. An operator is in violation for failure to post a policy within 30 days of being notified of noncompliance, or if the operator either knowingly and willfully or negligently and materially fails to comply with the provisions of its policy.
Operators of websites and online services that are subject to CalOPPA are required to conspicuously post their privacy policies on their websites and to make their policies reasonably accessible to consumers. Mobile apps must include a reasonably accessible link to the website with the applicable privacy policy.
The following is already required under CalOPPA and must be included:
• The categories of personally identifiable information (“PII”) collected;
• A description of the types of PII collected and disclosed by the operator;
• A description of the process by which a consumer can access and request changes to his or her PII, if available;
• A description of the process by which the operator will notify consumers of material changes to the privacy policy;
• An effective date;
• The categories of third-parties with whom the information is shared; and
• Whether there is a process for the consumer to review information collected and/or make changes.
If AB370 is signed into law, CalOPPA will require that policy policies additionally detail:
• How websites respond to DNT requests; and
• Whether 3rd parties collect a user’s PII.
For more information, see here: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=BPC§ionNum=22575
These materials were obtained directly from the State Government public websites and are posted here for your review and reference only. No Claim to Original State Government Works. This may not be the most recent version. The State may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.