By Kevin Lin
As published in the Union Leader (12/5/2016)
Q. My website allows customers to create user accounts, saves their contact information and tracks their purchases to suggest new items they may want to buy. Are there any disclosures I need to make about my customer data collection?
A. One regulation governing consumer data collection is CalOPPA, a California statute that seeks to improve the transparency of a company’s data privacy practices. A New Hampshire business is subject to CalOPPA if it gathers personal information online about any California resident.
This information includes first and last names, addresses, emails, telephone numbers, and other similar information. Since most online footprints are nationwide and it is often difficult to differentiate California residents from other customers, businesses should simply comply with CalOPPA to avoid unknowing violations.
Violations of CalOPPA are enforced through California’s Unfair Competition Law. A company that does not comply with CalOPPA may be subject to penalties of up to $2,500 for each violation. With respect to mobile applications, the penalty is assessed each time the application is downloaded by a California resident.
In 2012, the California Attorney General informed hundreds of noncomplying companies (including those outside of California) that they would be fined if they did not bring their mobile applications into compliance. More recently, California Attorney General Kamala D. Harris released a new tool for consumers to report noncomplying websites, mobile applications and online services.
Given the rise in enforcement and the potential risk of exposure, it is crucial that all New Hampshire companies review their privacy policies to ensure compliance with CalOPPA.