Often at the forefront of privacy issues, California has enacted a law that took effect on July 1, 2004 and is likely to affect every business with an online presence that collects personal information - even those without any obvious California ties.
Overview Of The Online Privacy Protection Act Of 2003
Categories of personally identifiable information that is collected through the website;
Categories of third-parties or entities with whom the operator of the site may share personally identifiable information;
A description of the process (if one exists) that a consumer would use to review or change his or her personally identifiable information
A policy is conspicuously posted through any of the following:
It is posted on either the homepage or first significant page after entering the website;
An icon that hyperlinks to the policy appears on the homepage or first significant page of the website; or
A text link that hyperlinks to the policy appears on the homepage or first significant page of the website, and does one of the following: (a) includes the word "privacy," (b) is written in capital letters or is the size of surrounding text, or (c) is written in larger type than the surrounding text, or in contrasting type, font or color, or otherwise is set off with marks that call attention to the language.
The Act also requires a site operator to comply with the terms of the policy posted on its website. It gives a site operator a grace period of 30 days after being notified of noncompliance to post its policy or presumably correct any violations contained in a posted policy. An operator subject to the law is in violation for failing to comply with either the Act or its own policy if it acts in a manner that is either "knowingly and willfully" or "negligently and materially."
Compliance with the Act
If you operate a website that is visited, used or viewed by consumers residing in the State of California, the Act is applicable to you and you must comply with it. Even if a consumer residing in the State of California never visits, uses or views your website, you are still well-advised to follow the requirements of the Act. Customers are growing to expect sensitive treatment of their personal information, and most, if not all, of the requirements of the Act appear to make good business sense in today's Internet climate. In addition, other states (such as New York and New Jersey) are actively considering similar legislation, and we expect that eventually every website operator will be subject to at least one state's Internet privacy law.
Retain Prior Privacy Policies
1.Send an Email to Users.
2.Provide a Link on the Homepage of the Website.
Susan James is an associate based in the Atlanta office of McKenna Long & Aldridge, where she is a member of the Corporate and Intellectual Property & Technology Practices.