12/10/2004

Does Your Privacy Policy Comply with CA Act?

From Morrison & Foerster LLP via Mondaq (free registration required):

"California's Online Privacy Protection Act requires commercial websites or online services to post an online privacy policy if they collect any 'personal information' from California residents over the Internet. Although the Act took effect on July 1, 2004, it received surprisingly little media attention and, in fact, many covered websites still do not comply with the Act's requirements.

Accordingly, the owners of websites or online services covered by the Act should take a moment to confirm that their online privacy policies contain each of the following elements required by the Act:

1. Identification of the categories of personally identifiable information collected through the website or online service about individual consumers who use or visit that website or online service;
2. Identification of the categories of third parties with whom that personally-identifiable information may be shared;
3. A description of the process by which the consumers who visit or use the website or online service are notified of material changes to the privacy policy for that site or service;
4. The effective date of the policy; and
5. If the commercial website or online service maintains a process for an individual consumer to review and request changes to his or her personally-identifiable information gathered through that site or service, a description of that process."