California’s Attorney General Issues Guidance For Compliance With CalOPPA

The California Attorney General’s office recently released recommendations for compliance with CalOPPA, including guidance for compliance with the 2013 amendment calling for increased disclosures about online tracking activities and use of personal information by website operators. We previously reported on the specific details of the 2013 amendment. The recommendations in the guidance focus on making companies’ privacy practices more transparent to consumers, with an emphasis on readability and accountability, as well as having disclosures about tracking, data sharing and consumer choice. The guidance encourages businesses to use a format for their privacy policies that is easy to read, including clearly labeling the section of the policy that describes a business’ tracking policy. Within that section, businesses must clearly disclose how they respond to a browser’s Do Not Track signal or similar mechanism. The guide suggests a descriptive title for this section such as “How We Respond To Do Not Track Signals” or “Online Tracking.” The guidance also states that a business should disclose what personally identifiable information it, or third parties, collect from users, and how the information is used, including those uses beyond what is necessary for the basic functionality of the site or application. The privacy policy should also disclose how long the business will retain personal information. The guidance reiterates the need to describe what choices the consumer has with regard to the collection, use and sharing of their personal information and how to exercise those choices. The recommendations conclude by advising businesses to provide contact information to consumers for questions or concerns regarding the business’ privacy practices. For a video overview of the guidance, see our recent Mini Law Lesson.

TIP: With ever-increasing scrutiny surrounding businesses’ online collection and use of personal information, website operators should consider reviewing their current policy and practices and determine whether their practices and disclosures are in compliance with the guidance from the California Attorney General’s office. The guide provides specific requirements and disclosures a company can implement to help ensure its policy is compliant with CalOPPA.