Know the Law: Some Data Collecting Requires Disclosures

By Kevin Lin

As published in the Union Leader (12/5/2016)

Q. My website allows customers to create user accounts, saves their contact information and tracks their purchases to suggest new items they may want to buy. Are there any disclosures I need to make about my customer data collection?

A.  One regulation governing consumer data collection is CalOPPA, a California statute that seeks to improve the transparency of a company’s data privacy practices. A New Hampshire business is subject to CalOPPA if it gathers personal information online about any California resident.

This information includes first and last names, addresses, emails, telephone numbers, and other similar information. Since most online footprints are nationwide and it is often difficult to differentiate California residents from other customers, businesses should simply comply with CalOPPA to avoid unknowing violations.

CalOPPA requires that a business post its privacy policy on its website identifying exactly what consumer information is collected and with whom that information is shared. The law also requires that the privacy policy inform consumers about the process for reviewing and requesting changes to any information collected, and that it specify how consumers will be notified of changes to the policy. Additionally, the most recent amendments require the privacy policy to detail how the business will respond to web browser “do not track” signals.

Violations of CalOPPA are enforced through California’s Unfair Competition Law. A company that does not comply with CalOPPA may be subject to penalties of up to $2,500 for each violation. With respect to mobile applications, the penalty is assessed each time the application is downloaded by a California resident.

In 2012, the California Attorney General informed hundreds of noncomplying companies (including those outside of California) that they would be fined if they did not bring their mobile applications into compliance. More recently, California Attorney General Kamala D. Harris released a new tool for consumers to report noncomplying websites, mobile applications and online services.

Given the rise in enforcement and the potential risk of exposure, it is crucial that all New Hampshire companies review their privacy policies to ensure compliance with CalOPPA.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s