What is CalOPPA and Why You Should Care
Individual consumers using websites and mobile apps are increasingly concerned about their privacy. Personal information such as names and addresses can be weak points leading to identity theft and fraud.
As such, commercial websites and app developers have the responsibility to help consumers protect their privacy. This is the basis of CalOPPA, or the California Online Privacy Protection Act.
CalOPPA is a state law designed to protect the privacy rights and personal information of residents in the state of California. All websites with California users have to comply with this law.
What is CalOPPA?
Privacy has been a rising concern ever since computers and the Internet took the world by storm. Federal laws have been created to protect online consumers, from the Cable Communications Policy Act of 1984 to the Computer Security Act of 1997.
There are also federal laws that protect special groups, such as the Americans with Disabilities Act and the Children's Online Privacy Protection Act. However, there is no federal law specifically covering data privacy.
The closest and broadest privacy act in the country is CalOPPA, which is a state law. The California Online Privacy Protection Act became effective 1 July 2004, and it increased the protection of privacy rights and personal data of California residents.
CalOPPA is a pioneering state law that focuses on safeguarding "personally identifiable data." This data can include basic information such as the name and birthday of your consumers.
For the purposes of the law, personally identifiable data include:
- First and last name
- Physical addresses
- Contact information, including email address, telephone, and mobile numbers
- Social security numbers
- Physical appearance identifiers, such as height, weight, and hair color
- Any other data that may identify an individual
In effect, all websites collecting personal data online, whether they are based in California or even outside the United States, have to comply with CalOPPA because they will likely be used by a resident of California.
Privacy policies are required almost universally. Most countries in the world already have some form of privacy law to protect the residents in their jurisdictions.
How does CalOPPA work?
CalOPPA outlines the minimum requirements to help protect the personal data of California residents. It is an essential framework for any business seeking to serve users from California.
The privacy policy should be conspicuous, easily accessible, and written in plain, easy-to-understand English. It should also contain the word "Privacy" outright. This is the main requirement that needs to be complied with.
- Type of information collected, e.g., names and email addresses through a sign-up form, browsing activities
- Purpose of data collection, e.g., to improve advertising, to analyze sales
- Details on information storage, processing, and protection
- Affiliates and third-party services that may have access to the data
- Compliance with laws and policies (you may list which laws or standards you are compliant with)
- Whether users can opt out of data collection, request changes to their data, or request deletion of their data, and other user rights (by law, all websites and apps are required to allow users to make changes to their data, and to make the process simple)
- Whether or not you respond to DNT (Do Not Track) requests (complying with DNT requests is not a requirement under CalOPPA)
- Date of the last update to the policy
Who needs to comply with CalOPPA?
Thus, CalOPPA applies to any company or person whose website collects personally identifiable data from California residents. It doesn't matter where you live. The law's jurisdiction involves individual consumers who are residents of the state of California.
Operators of the website or online service need to comply. This is not limited to dot-com websites. Developers of apps that cover different platforms also need to comply as long as they collect user data.
Aside from the creators of the site or app, third-party services that use the data also need to comply with CalOPPA.
What are the penalties for non-compliance?
Failing to comply with CalOPPA also puts you at risk of civil litigation. Civil charges against you can be filed under California's Unfair Competition Law, which prohibits false and misleading advertising.
Under the California Business and Professions Code, you can be charged with a civil offense. The penalty can reach up to $2500 for each violation.
- Updated on September 9, 2020