NEW CALIFORNIA LAWS
AB 370 –Do Not Track Amendment
This law requires web site operators to post their response to Do Not Track requests by a web site visitor. It does not require you to abide by the visitor’s wishes, only to notify them of your site’s response to the request – Therefore, you can still track with the proper notice to your visitors. This law is effective 1-1-14.
SB 46—Amendment to California’s Data Breach Notification Law
California has had a breach notification law since 2002. SB 46 increases the types of information that must be reported in a breach to include log in and security questions visitors have submitted. The law outlines how the breach notification is to be accomplished. This law is effective 1-1-14.
SB 568—”Privacy Rights for California Minors in the Digital World”—The Minor “Eraser” Law
This law allows minors (those under the age of 18) to erase posts that they have created which cast them in a bad light. Unfortunately, while this law is good in concept, it is poorly written, probably unconstitutional, and in all probability will be revoked, revised or amended before its effective date of 1-15-15. I have decided to ignore this law for now and address it a year from now if it is still effective or in a new form.
SOME OTHER CALIFORNIA LAWS CONCERNING WEB SITES AND PRIVACY
1798.81 – “A business shall take all reasonable steps to dispose, or arrange for the disposal, of customer records within its custody or control containing personal information when the records are no longer to be retained by the business by (a) shredding, (b) erasing, or (c) otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.” There are other sections of this act you need to be aware of. A web site owner should have a written standard operating procedure for keeping and disposing of records.
California’s Shine the Light Act – requires web site operators to inform users how the site shares their private information and how a user can change or remove their information on the site.
Security Breach Notification Laws – require web sites that have an information breach to notify the state, and under this year’s new law, to notify the web site users whose information was compromised. If this happens to your site, contact a lawyer to make sure your notifications are properly made.
How you post these new policies is going to look like a Chinese menu to you. You may decide that you will treat every visitor the same or you can split your policy by either creating a separate page for California residents, or by adding to your current policy by stating, “The following policies apply to California residents only.”
Please feel free to contact me with any questions you may have. I do not charge for initial consultations. Also, please feel free to share this blog with your friends who may be interested.