How the California Online Privacy Protection Act Impacts Your Business
Starting this month, amendments to the California Online Privacy Protection Act (CalOPPA) will require businesses to disclose their response processes to Do Not Track (DNT) directives.
First, what is “Do Not Track”?
In 2010, the Federal Trade Commission issued a report to propose a simple “Do Not Track” mechanism for consumers to install in order to notify websites to not collect information about their Internet activity for advertising and other purposes.
Since the proposal, the gray area has increased. Even users who currently have a DNT plugin installed, the businesses receiving the DNT signal are not required to acknowledge, respond, or change their information gathering. Leaving the DNT essentially powerless.
As a result, California Governor Jerry Brown signed in September 2013 amendments to the current CalOPPA, stating that any business collecting information from a California resident online must disclose how they respond to DNT. Therefore, regardless of whether a website honors DNT, the website user has the right to know where and how their information is being used after pressing “Submit.”
“My business doesn’t conduct business in California”
Currently CalOPPA is only a statewide law, but the Internet knows no borders—allowing customers to interact from anywhere at any time. Even if your current customers aren’t coming out of the Golden State, it’s still wise to implement the disclosure now to avoid penalties once you start gaining national recognition.
“My website isn’t an e-Commerce site”
Doesn’t matter. “Personally identifiable information” covers everything from first and last name, email, location, and more. A simple signup for a content offer such as a white paper download or regular email list can be utilized for other purposes such as sales and advertising. This common tactic will now have to clearly explain to website visitors where and how their information will be used.
So now what?
Time to meet with your legal team (or, if you’re like other small businesses, put on your legal hat) and get to work on that revised privacy statement. Currently, there is a lack of templates available. Don’t fret—the International Association of Privacy Professionals details some helpful tips and terminology to consider in the required ruling, which we’ve summarized and adapted for marketers:
Questions to answer in your revised privacy statement:
- What are you currently using to track DNTs? Ask your web developer if your website it utilizing traditional HTTP cookies or another method.
- Does your company combine PII data with information from other sites? Disclose if your marketing and sales strategy includes creating visitor profiles with other third party information through social media, sales databases, or more.
While enforcement of CalOPPA has yet to be seen, small businesses and entrepreneurs building their national marketing reach should be aware of the new amendment. By acting accordingly, business owners avoid costly fines and, most importantly, continue ethical marketing practices.