May 21 -- California Attorney General Kamala Harris (D) May 21 released best practices recommendations for businesses that must comply with changes to the state's privacy laws requiring them to notify consumers about their do not track policies and procedures.
“This guide is a tool for businesses to create clear and transparent privacy policies that reflect the state's privacy laws and allow consumers to make informed decisions,” Harris said in a May 21 statement.
The guide says it isn't a regulation, mandate or legal opinion, but it is a resource that can help businesses comply with or go beyond privacy requirements under California law.
The attorney general developed the guide in response to A.B. 370, signed into law in September 2013 and effective Jan. 1. The bill, which Harris sponsored, amended California's Online Privacy Protection Act, Cal. Bus. & Prof. Code §§22575-22579.
The law requires operators of websites and online services that collect personally identifiable information about consumers to explain their do not track policies and procedures. It doesn't require the sites to honor do not track requests, but it requires websites to inform consumers if they disclose consumer data to third parties.
Melissa Krasnow, a partner with Dorsey & Whitney LLP in Minneapolis, told Bloomberg BNA May 21 that the guidance makes it clear that if businesses follow the recommendations they will meet minimum legal requirements, and possibly exceed them.
According to the attorney general's statement, the guide recommends that businesses collecting personally identifiable information about consumers:
• prominently label the section of their privacy policies regarding online tracking, for example: “California Do-Not-Track Disclosures”;
• describe how they respond to a browser's do not track signal or similar mechanisms within their privacy policies instead of providing a link to another website;
• say in the policy if third parties are or may be collecting personally identifiable information;
• explain their uses of personally identifiable information beyond what is necessary for fulfilling a customer transaction or for the basic functionality of the website or application;
• describe what personally identifiable information they collect from users, how they use it and how long they retain it;
• describe the choices a consumer has regarding the collection, use and sharing of his or her personal information; and
• use plain, straightforward language that avoids legal jargon and use a format that makes the policy readable, such as a layered format, and use graphics or icons instead of text.
Although some companies have updated their privacy policies since A.B. 370 took effect in January, many were waiting for the attorney general to release the guide, Krasnow said. Now that it is out, companies should take a close look at updating their privacy policies, she said.
The guidance clearly applies to mobile applications as well as websites, and Harris has shown an interest in enforcing privacy laws against mobile applications through her case against Delta Air Lines Inc., Krasnow said.
In January 2013, the attorney general issued guidance for mobile app software developers on how to comply with the state's privacy laws.
Although it isn't a binding regulation or legal opinion, the guidance could play a role in future enforcement actions from the attorney general's office, Krasnow said. Enforcement could focus on companies without privacy policies, or on companies that have policies the attorney general considers to be inadequate.
To contact the reporter on this story: Laura Mahoney in Sacramento, Calif. at firstname.lastname@example.org
To contact the editor responsible for this story: Heather Rothman at email@example.com
The guide, “Making Your Privacy Practices Public,” is available at https://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/making_your_privacy_practices_public.pdf.