In late September, California enacted several laws that place stricter requirements on operators of websites and other online services that collect certain information about California residents. These Internet data privacy laws will go into effect on January 1, 2014. One of the laws focuses on cookies, small files that are stored on users’ computers to track Internet activity to allow, among other things, online marketers to deliver a page tailored to that particular user.
Internet Data Privacy Law Requirements
California’s new Internet data privacy law requires any operator of a commercial website or online service that collects personally identifiable information (“PII”) about California consumers to conspicuously post its privacy policy on its website. The Internet data privacy law also establishes specific requirements for the privacy policy itself, including that the privacy policy must: (1) identify the categories of PII that are collected and the categories of third-parties that the PII may be shared with; (2) provide a description of the process for reviewing and requesting changes to the PII collected through the website or online service (if the operator maintains such a process); (3) describe the process by which the operator notifies consumers who use or visit its website or online service of material changes to the privacy policy; (4) disclose how the operator responds to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of PII; and (5) disclose whether other parties may collect PII about a consumer’s online activities over time and across different websites when a consumer uses the operator’s website or se
Concerns with the Internet Data Privacy Law
How do you know that a person visiting your website is a California resident? Even if you track the person’s IP address if he or she submits information on your site, there is no way of really knowing where the person resides. For example, a California resident could be vacationing in New York and visit your website from there. Or, a California resident could work in a neighboring state and access your website from his or her office computer. The only sure way to protect your company is to apply the new California requirements to your website across the board (for all consumers).
While California’s Internet data privacy law goes into effect on January 1, 2014, it is not too early to revise your privacy policy so that you are fully prepared.
If you are interested in learning more about this topic or would like to update your privacy policy, please e-mail us at info@kleinmoynihan.com, or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Attorney Advertising
