California Releases Guidelines for Compliance with New Privacy Laws | Practical Law

The California Attorney General's Office published guidelines for companies to comply with a new state privacy law that took effect on January 1, 2014.

Practical Law Legal Update 9-568-8245 (Approx. 3 pages)

by Practical Law Intellectual Property & Technology
Published on 22 May 2014 | California
On May 21, 2014, the California Attorney General's Office published Making Your Privacy Practices Public (Guidance) for companies to comply with California's revised privacy laws that took effect on January 1, 2014. The revised privacy laws require companies to prominently disclose all privacy practices, including how they respond to "do-not-track" requests. For more on California's "do-not-track" law, see Legal Update, California Enacts "Do-Not-Track" Disclosure Law.
The Guidance includes recommendations on what companies should include in their privacy policies. For example, it recommends that companies:
  • Include the scope and effective date of their online privacy policy.
  • Make the privacy policy conspicuously available.
  • Make the privacy policy readable by using plain, straightforward language and short sentences.
  • Describe how and what kind of personally identifiable information is being collected.
  • Make clear where in the privacy policy the company sets out its online tracking policy.
  • Directly describe how the company responds to do-not-track requests.
  • Explain how the company uses and shares personally identifiable information, including any use that is beyond that which is necessary to maintain service functionality or fulfill a customer transaction.
  • State whether other parties are or may be collecting the personally identifiable information of consumers who use the company's site.
  • Link, whenever possible, to the privacy policies of third parties with which the company shares personally identifiable information.
  • Describe the consumer's choices regarding the collection, use and sharing of personal information.
  • Explain the security safeguards protecting customers' personal information from unauthorized or illegal access, modification, use or destruction.
  • Provide the contact information for customers' questions or concerns about the company's privacy policies and practices.
The Guidance includes an appendix setting out the California Online Privacy Protection Act of 2003 (CalOPPA), as amended by AB 370 (Cal. Bus. & Prof. Code § 22575, et seq.).