California has a number of privacy notice requirements for businesses collecting data from California residents, including as of January 1 of this year a requirement that websites, mobile apps and online services make certain disclosures regarding how they respond to browser and other “do not track signals” and regarding the presence and functionality of tracking technologies of third parties associated with their site, app or service. The California Attorney General (CA AG), whose office has been very active in both bringing enforcement actions and working with industry to develop voluntary adoption of best practices, has recently issued a guidance document that helps explain how to comply with the most stringent online consumer privacy laws in the country. It includes an entire section dedicated to explaining how the AG believes companies should provide disclosures regarding the tracking of consumers across time and locations, the foundation of interest-based or behavioral advertising. Companies should assesses their data privacy and security practices at least annually, and ensure that policies are accurate and that the clearly and conspicuously disclose all material data practices in an easily understandable manner. The AG’s new guidance provides suggestions on how to improve readability and as to what the AG believes rises to the level of material practices that must be disclosed. It also recommends layered policies, the practice of providing short explanations of the most materials points in plain language, with a click through to more detail, especially for mobile.