Why California's Online Privacy Laws Matter to Businesses in Every State

 

Image source material Truthout / Foter.com

People sometimes assume that the laws of states in which they do not have a physical presence do not apply to them.  Businesses and other organizations that engage with the public online, however, may be subject to the rules of the states in which their users reside.  I have previously written about how a few states have their own website (or web application) privacy rules, and the widespread view that California's are the most significant. 

 

Because California's online privacy laws are so important to organizations across the country, it is important to monitor relevant legal developments in California, including the actions of California's Attorney General.  This post summarizes recent developments in California affecting website operators and application operators.


• Early in 2012, California's Attorney General reached a voluntary resolution with Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft, and Blackberry, requiring that mobile apps provide privacy policies that users could find in a consistent location before downloading an app.

• In October of 2012, California's Attorney General sent letters to approximately 100 mobile app developers and companies that were not in compliance with the California Online Privacy Protection Act and gave them 30 days to comply.

• In December of 2012, the Attorney General filed an enforcement action against Delta Airlines over its mobile application privacy policy statement.

• In 2013, Attorney General Harris issued Recommendations for the Mobile Ecosystem, which provided app developers with recommendations to develop privacy policies and procedures.

• Effective January 1, 2014, an amendment to the California Online Privacy Protection Act became effective that requires additional disclosures in online privacy policy statements.  I wrote about that earlier this year.  The change in law caused many existing privacy policy statements to become non-compliant if they were not amended to reflect the new disclosure requirements.

• In February of 2014, California's Attorney General issued a guide, Cybersecurity in the Golden State, intended to help organizations protect against, and respond to, data breaches and other cyber risks. 

Any organization with an online presence would do well to keep an eye on California's online privacy laws and enforcement actions.  Check the North Carolina Privacy & Information Security Law Blog from time to time for updates on this and other important legal updates.