California’s recent amendments to the California Online Privacy Protection Act require certain online services to make additional disclosures about how they respond to browser-based Do Not Track signals―new obligations that went into effect on January 1. Along with Joanne McNabb of the Office of the California Attorney General, Kurt Wimmer and I will be discussing
The California legislature has enacted a flurry of privacy-related laws over the past few months. Still more bills are pending. This post provides a brief overview of new privacy laws enacted in California in 2013, including measures that will become effective on January 1, 2014. For a more detailed look at some of these key laws, please see our recent client alert.
- S.B. 46 – Amendment to California’s Security Breach Notification Law (effective Jan. 1, 2014). California’s existing breach notification law requires an entity to notify consumers following discovery of a data breach involving the unauthorized acquisition of “personal information.” The law defines “personal information” as an individual’s first name or initial and last name in combination with one or more sensitive data elements, such as Social Security number, financial account number, or medical information. This amendment expands the definition of “personal information” to include “a user name or email address, in combination with a password or security question and answer that would permit access to an online account,” regardless of whether name and/or other sensitive data elements are breached.
Last week the California Senate unanimously approved a bill requiring that operators of commercial websites and online services that collect personal information disclose how they respond to “do-not-track” signals from web browsers and whether they allow third parties to engage in online tracking. The legislation, which was introduced by Assemblyman Al Muratsuchi, has been sponsored by CA Attorney General Kamala Harris.
- “disclose how the operator responds to Web browser ‘do not track’ signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection”; and
- “disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.”
Yesterday, California Attorney General Kamala Harris continued her efforts to promote privacy best practices in the mobile app ecosystem by issuing a number of recommendations in her report, “Privacy on the Go.” The report encourages app developers, platform providers, ad networks, OS developers, and even mobile carriers to incorporate privacy by design into their products and services and provides detailed suggestions on how to do so. Importantly, the report notes that its recommendations in many cases go beyond what’s currently required by law; they are, for the most part, best practices.
The report goes onto make a number of specific recommendations that build on these basic propositions. After the jump, we discuss a few that struck us as particularly noteworthy.…
California Attorney General Kamala Harris has made good on her promise to get tough with mobile app makers that fail to provide privacy policies in their apps. Yesterday, her office sued Delta Airlines for violating the California Online Privacy Protection Act (“CalOPPA”), which requires providers of websites and “online services” to conspicuously post privacy policies…