4/27/2005

Compliance with CA Privacy Laws Requires Attention

"The California state legislature has already enacted more than a dozen laws that regulate how businesses, universities and other organizations that collect personal information on California residents must manage private data. And that's just the beginning...

Like a large hurricane sweeping in off the Pacific, these laws will wreak havoc on all kinds of business processes, including how websites can collect personal data and the management of databases that store personal information on customers. They will influence how companies share personal data with third parties and restrict their ability to contact consumers via cell phones and faxes. State lawmakers are also considering laws that could affect how your company outsources services that handle personal information.

And keep in mind: Any company that sells a product or service to a California resident, even if the company is based outside the state, may be affected. Just having a website that a California resident visits—and one out of 10 Americans lives in California—can put you under the jurisdiction of these laws...

Many CIOs whose companies do business in California may think they are in compliance with some of these laws. But they would be wrong. For example, executives may assume they are in compliance with the law requiring a privacy notice on their corporate website that states clearly what personal information is being gathered on browsers. However, as many as 80 percent of the privacy policies at corporate sites are out of compliance, according to the Ponemon Institute, which conducted a survey of up to 500 randomly selected websites..."

Read more in this article from CIO Magazine.