Companies With Websites or Mobile Apps – Are You in Compliance in Terms of Providing a Privacy Policy for California Residents?

As Los Angeles business attorneys who deal with many technology-related issues, we know that companies with a website or mobile app must provide a privacy policy that California residents who use your website can easily find if private information is collected from those visitors.  Without it, you could be facing huge fines.  In fact, companies that offer mobile apps so that smartphone and tablet users can more easily access their websites may face a fine of $2,500 every time a California user downloads a noncompliant app!

Phone LockWhat is a privacy policy, exactly?

Basically, a privacy policy explains to users how their personal information such as name, address, email address, and other personally identifiable information may be used by the business owner.  While there is no federal law in place at this time which requires a business to make a privacy policy available, California does have a state law that requires businesses that collect personal information from residents to post this policy in a conspicuous place. This law, known as the CalOPPA (California Online Privacy Protection Act, was enacted in 2004 and actually goes beyond the state’s borders, considering there are California residents who may access websites anywhere in the world that collect personal data.

What must be contained in your privacy policy?  In order to be in compliance with state and FTC standards along with CalOPPA, the following should be addressed in your privacy policy:

Whether cookies are used, and the type of information recorded;

A clear outline of the personal information collected, and how this information is used, whether it is disclosed to third parties, and to whom;

How your server and online operations are kept secure;

How your visitors may opt out from having their information disclosed to third parties, and from receiving emails;

How users of your mobile app/website may review their personally identifiable information and make changes to that information;

The effective date of your privacy policy, and how users can learn of any material changes made to that policy; and

Whether personal information is collected from children who are younger than 13, and how parental consent is secured if so to be in compliance with the federal Children’s Online Privacy Protection Act.

While you may already have a privacy policy in place, most essential of all is that your company acts in accordance with the policy.  A deceptive privacy policy which does not accurately reflect the practices your company actually engages in can leave you facing prosecution by the Federal Trade Commission.  Lastly, your privacy policy should be written in a way that is clear and easy for the average individual to understand.

To ensure your privacy policy is clear and legally compliant, consider consulting with the Los Angeles business lawyers at Spotora & Associates.

This entry was posted on Monday, March 18th, 2013 at 3:27 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.