As is so often the case, California is again leading the nation in the definition and enforcement of online privacy rules. The latest announcement from California Attorney General Kamala Harris, while not legally effective in other states, should serve as a beginning point for you to begin thinking about how your company will handle these new online privacy requirements as they emerge in your area.
California recently enacted tough “do not track” laws. In an effort to equip businesses to re-draft online privacy policies to comply with the new rules, Harris issued some guidelines. Among other things, these guidelines recommend that businesses:
- prominently label the section of their online privacy policies that cover online tracking;
- describe how they respond to a browser’s Do Not Track signal within the policies themselves, rather than providing a link to another website;
- reveal in the online privacy policy whether third parties are or may collect personally identifiable information (PII);
- explain any use they make of PII beyond what is necessary to fulfill a transaction or for the site or app to function;
- describe what PII they collect from users, how they use it and how long they store it;
- delineate the choices consumers have governing the collection, use and sharing of his or her PII; and
- use plain, straightforward language, avoiding legal jargon, and publish in a format that makes the policy readable;
As always, it’s a good idea to have in-house counsel or your law firm review any revisions to your published online privacy policy.