Online Privacy Protection Law
Internet Privacy Protection Law
Do you or does your business own and operate a website that collects personally identifiable information from any California consumer, such as name, address, telephone number, date of birth or email address?
What’s the big deal? CalOPPA is enforced by California’s Unfair Competition Law (UCL) found in Business and Professions Code §§ 17200-17209 and you could face penalties of up to $2,500 for each violation. CalOPPA can also be enforced by the Federal Trade Commission, the California Attorney General’s Office, district attorneys and some city and county attorneys who can all file suit for “unfair competition.” These entities can seek civil penalties and equitable relief. Furthermore, under California’s UCL, a consumer or a business may file a private action for violations of CalOPPA.
But CalOPPA is just the beginning. There are multiple US laws and global privacy laws that govern the collection of information from consumers. These include the following, just to name a few:
CCPA – California Consumer Privacy Act includes, among other things, the right of California consumers to request disclosure of business data collection and sales practices, the right to request specific PI collected, the right to have certain information deleted, the right to request that personal information not be sold to third parties, and the right not to be discriminated against because of exercising these rights. The law requires that these notices be given at or before the point of collection of personal information and must be posted on a business’s website.
These rights apply to businesses organized and operated for the profit or financial benefit of its shareholders or other owners which determines the purposes and means of processing personally identifiable information. The CCPA applies to businesses in California who have annual gross revenues that exceed 25 million dollars, sell personal information of 50,000 or more consumers, or receives 50% of its annual revenue from sales of personal information.
GDPR – General Data Protection Regulation applies to businesses that are formed and operated in the European Union or to companies that collect information from people in the European Union. These laws tend to be stricter and it protects people under the age of 16 by requiring parental consent to collect their information. If you collect any information from people in the European Union, you must abide by the requirements of the GDPR.
Other Privacy Considerations: Other privacy issues that should be considered include those under the following laws: Health Information Portability and Accountability Act, Family Educational Rights and Privacy Act, the Fair Credit Reporting Act, the Fair and Accurate Credit Transaction Act; the Gramm-Leach-Bliley Act; the Cable Communications Policy Act; and the Telephone Consumer Protection Act.
If you run a website that collects information from consumers, it is of the utmost importance that you consult with a certified privacy professional. We provide website owners and operators with current privacy policies to protect you from running afoul of the numerous laws to which you must comply.
For more information on the privacy services provided by Daryl Reese Law PC, contact Sarah M. Hurd Montgomery at firstname.lastname@example.org.
Sarah is a Certified Information Privacy Professional/United States (CIPP/US) through the ANSI-accredited International Association of Privacy Professionals (IAPP). Complimenting Sarah’s estate planning practice, Sarah has been assisting clients with drafting website privacy policies to comply with California’s Online Privacy Protection Act, the Children’s Online Privacy Protection Act, the California Consumer Protection Act, and the General Data Protection Regulation.
The CIPP is the global standard in privacy certification. Developed and launched by the IAPP with leading subject matter experts, the CIPP is the world’s first broad-based global privacy and data protection credentialing program. The CIPP/US demonstrates a strong foundation in U.S. private-sector privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the U.S., the EU and other jurisdictions. Sarah joins the ranks of professionals worldwide who currently hold an IAPP certification.
Our firm serves clients in California
3843 Brickway Blvd. Ste 204
Santa Rosa, CA 95403