Do You Collect Californian’s Personally Identifiable Information (PII) on Your Website?

more+
less-

shutterstock_116345242Effective January 1, companies in California and around the world must be aware of new liabilities that relate to online privacy protections including practices relating to storing personally identfiable information.  If your company operates a website, it’s a good time to review the privacy disclosures that are posted.

The new law is AB370, is an amendment to the Online Privacy Protection Act.  Here is the summary for the Legislative Digest:

Existing law requires an operator of a commercial Internet Web site or online service that collects personally identifiable information through the Internet about consumers residing in California who use or visit its commercial Web site or online service to conspicuously post its privacy policy on its Web site or online service and to comply with that policy. Existing law, among other things, requires that the privacy policy identify the categories of personally identifiable information that the operator collects about individual consumers who use or visit its Web site or online service and 3rd parties with whom the operator shares the information.
This bill would require an operator to disclose how it responds to “do not track” signals or other mechanisms that provide consumers a choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across different Web sites or online services. The bill would require the operator to disclose whether other parties may collect personally identifiable information when a consumer uses the operator’s Web site or service.