Internet Privacy Legal Compliance

IS YOUR WEBSITE COMPLIANT WITH THE LAW?

Privacy PolicySome industries have specific rules they must adhere to for all their advertising and marketing, both offline and online.  The Healthcare industry has specific marketing regulations, codes and guidelines. Lawyers and legal associations must follow Bar Rules. In California,  this includes Rule I-400.

Any website, blog , internet site or application (app)  that wants to stay in good standing with search engines, must follow their specific terms and conditions. The two largest, Google and Yahoo, have these webmaster guidelines prominently posted, updated and available.

There are also State and Federal laws governing how ALL websites must behave to insure the privacy of their visitors.  There are additional laws (below) that are specific to protect the privacy of children. The following list does not cover all the internet privacy laws currently in force, or being proposed. You are advised to be knowledgeable of the laws that apply to your business – Federal, State and your specific industry.

  • CALIFORNIA – Online Privacy Protection Act of 2003 – California Business and Professions Code sections 22575-22579. This law requires operators of commercial web sites or online services that collect personal information on California residents through a web site to conspicuously post a privacy policy on the site and to comply with its policy. The privacy policy must, among other things, identify the categories of personally identifiable information collected about site visitors and the categories of third parties with whom the operator may share the information. The privacy policy must also provide information on the operator’s online tracking practices. An operator is in violation for failure to post a policy within 30 days of being notified of noncompliance, or if the operator either knowingly and willfully or negligently and materially fails to comply with the provisions of its policy. This law takes effect July 1, 2004.
  • Assembly Bill No. 370 (AB 370) amends Section 22575 of the state’s Business and Professions Code. Section 22575 requires the operator of a website that collects personally identifiable information on consumers residing in California who use or visit the site to conspicuously post its privacy policy on the site.  (The operator of an online service must make its privacy policy available by any reasonable accessible means.)As amended by AB 370, Section 22575 requires such an operator to include in its privacy policy a description of how the operator responds to do-not-track settings in consumers’ browsers. The law describes such settings as “signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services.” An operator can satisfy the new requirement “by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.” The law also requires an operator to disclose in its privacy policy whether, when a consumer uses the operator’s website or service, other parties can collect personally identifiable information about a consumer’s online activities “over time and across different Web sites.”
  • CALIFORNIA NON PROFIT COMPANIES – California Ed. Code § 99122
    Requires private nonprofit or for-profit postsecondary educational institutions to post a social media privacy policy on the institution’s Internet Web site
  • CONNECTICUT Gen. Stat. § 42-471
    Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be “publicly displayed” by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.

ADDITIONAL LAWS TO PROTECT CHILDREN’S PRIVACY

  • Children’s Online Privacy Protection Rule (“COPPA”). COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
  • Calif. Bus. & Prof. Code §§ 22580-22582 (2013 S.B. 568, Chapter 336) (Effective 1/1/2015.)
    California’s Privacy Rights for California Minors in the Digital World Act, also called the “eraser” bill, will permit minors to remove, or to request and obtain removal of, content or information posted on an Internet Web site, online service, online application, or mobile application. It also prohibits an operator of a Web site or online service directed to minors from marketing or advertising to minors specified products or services that minors are legally prohibited from buying. The law also will prohibit marketing or advertising certain products based on personal information specific to a minor or knowingly using, disclosing, compiling, or allowing a third party to do so.

 
Laws regarding making false and misleading statements in website Privacy Policies

  • NEBRASKA  Nebraska Stat. § 87-302(14)
    Nebraska prohibits knowingly making a false or misleading statement in a privacy policy, published on the Internet or otherwise distributed or published, regarding the use of personal information submitted by members of the public.
  • PENNSYLVANIA 18 Pa. C.S.A. § 4107(a)(10)
    Pennsylvania includes false and misleading statements in privacy policies published on Web sites or otherwise distributed in its deceptive or fraudulent business practices statute.

Your privacy policy should be specific to  your website, blog, app, etc. and not simply copy of someone else’s. Your privacy policy should be as unique and specific as your business.

Is your website compliant? Contact us to discuss your specific industry website, your goals and needs. Click to e-mail us or call 800-569-8279

Additional Resources:

SBA and Privacy Policy
FTC
Cal Gov
FTC Privacy and Security