ClickCease Skip to main content

California Passes Three Privacy and Data Security Laws that Affect Many Companies

By October 15, 2013June 8th, 2020Insurance

Data Security Cyber Laws

California recently passed three significant new privacy laws, increasing many companies’ privacy and data protection obligations.

First, California passed the first law in the United States that requires web site and online services to make certain disclosures regarding online tracking and targeted advertising. This law will likely have widespread effect, as many websites collect information from California residents.

Second, also one of the first laws of its kind, California’s new “Social Eraser” law requires websites directed at minors to permit registered users who are minors to remove, or request removal of, content posted by the user.

Finally, a new amendment to California’s breach notification statute extends notification requirements to the breach of California residents’ online account credentials, with distinctive obligations regarding method and content of such notices. Other states may soon follow suit, as they did after California enacted the first US breach notification statute in 2003 – in the past ten years, 45 other states enacted similar statutes modeled on California’s.

Online Tracking Disclosures

California has passed the first law in the United States that requires web site and online services to make certain disclosures regarding online tracking and targeted advertising.

The law amends the California Online Privacy Protection Act (“CalOPPA”). Prior to the amendment, CalOPPA required a website and online service operator to disclose in its privacy policy the following information: (1) categories of personal information gathered; (2) parties with whom such information is shared; (3) if the operator maintains a process for consumers to review and change such information; (4) a description of the process by which the operator notifies users of changes to its privacy policy; and (5) the effective date of the policy.

After the amendment, in addition to the foregoing, CalOPPA will also require the operator to: (1) disclose how the operator responds to “Do Not Track” signals or other mechanisms giving consumers the ability to exercise choice over the collection of personal information over time and across third-party websites or online services, if the operator engages in the collection of such information; and (2) disclose whether other parties may collect such information over time and across different Web sites when a consumer uses the operator’s site or service.

The new law provides that the operator may comply with the first new requirement above by “providing a clear and conspicuous hyperlink” in its privacy policy “to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.”

This law will likely have widespread effect, as many websites collect information from California residents, and companies, regardless of where they are located, should begin to take steps to ensure compliance.

More Companies are seeking Cyber Liability insurance coverage to protect their company if you are interested in more information contact our office at info@insuranceinc.com

by Edwards Wildman Client Advisory
Edwards Wildman Palmer LLP 10-07-2013

Close Menu