What is CalOPPA and Why You Should Care
Individual consumers using websites and mobile apps are increasingly concerned about their privacy. Personal information such as names and addresses can be weak points leading to identity theft and fraud. As such, commercial websites and app developers have a responsibility to help consumers protect their privacy. This is the basis of CalOPPA, or the California Online Protection Act.
CalOPPA is a state law designed to protect the privacy rights and personal information of residents in the state of California. All websites with California users have to comply with this law.
What is CalOPPA?
Privacy has been a rising concern ever since computers and the Internet took the world by storm. Federal laws have been created to protect online consumers, including the Cable Communications Policy Act of 1984 and the Computer Security Act of 1997. There are also federal laws that protect special groups, such as the Americans with Disabilities Act and the Children's Online Privacy Protection Act. However, there is no federal law specifically covering data privacy.
For the purposes of the law, personally identifiable data include:
- First and last name
- Physical addresses
- Contact information, including email address, telephone, and mobile numbers
- Social security numbers
- Physical appearance identifiers, such as height, weight, and hair color
- Any other data that may identify an individual
In effect, all websites collecting personal data online, whether they are based in California or even outside the United States, have to comply with CalOPPA because they will likely be used by a resident of California.
How does CalOPPA work?
CalOPPA outlines the minimum requirements to help protect the personal data of California residents. It is an essential framework for any business seeking to serve users from California.
- Type of information collected, e.g., names and email addresses through a sign-up form, browsing activities
- Purpose of data collection, e.g., to improve advertising, to analyze sales
- Details on information storage, processing, and protection
- Affiliates and third-party services that may have access to the data
- Compliance with laws and policies (you may list which laws or standards you are compliant with)
- Whether users can opt out of data collection, request changes to their data, or request deletion of their data, and other user rights (by law, all websites and apps are required to allow users to make changes to their data, and to make the process simple)
- Whether or not you respond to DNT (Do Not Track) requests (complying with DNT requests is not a requirement under CalOPPA)
- Date of the last update to the policy
Who needs to comply with CalOPPA?
Thus, CalOPPA applies to any company or person whose website collects personally identifiable data from California residents. It doesn't matter where you live. The law's jurisdiction involves individual consumers who are residents of the state of California.
What are the penalties for non-compliance?
Failing to comply with CalOPPA also puts you at risk of civil litigation. The civil charges against you can be filed under California's Unfair Competition, which prohibits false and misleading advertising. Under the California Business and Professions Code, you can be charged with a civil offense. The penalty can reach up to $2500 for each violation.
- May 22, 2019