California rung in 2015 with a slew of new online privacy laws. If you run a commercial website – or otherwise collect personal data about users – there’s a good chance you’re beholden to California’s online privacy laws.
But why? You don’t operate out of California, right?
California’s online privacy laws aren’t only for websites and companies based in California. They apply to any and all commercial websites or apps available for use in California.
Below is a list of the Golden State’s latest digital privacy statutes. The state’s original online privacy law is still in effect, also. To speak with an Internet lawyer about an online privacy matter, head over here.
List of California Online Privacy Bills That Became Law In 2015
Privacy Rights for California Minors in the Digital World Senate Bill No. 568
Digitally marketing firearms, tobacco, or alcoholic beverages to California’s minors is no longer allowed. Neither is compiling personally identifiable information about people aged 17 and younger, nor enabling other people to do so. Think of SB 568 as “COPPA for teenagers.”
Data Breach Notification Amendments Assembly Bill No. 1710
Assembly Bill No. 1710 broadened the liability for data brokers holding information on California residents. Specifically, the new law requires data brokers to:
“…implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.”
Patient Medical Breach Notification Period Extension Assembly Bill 1755
Most of the 2015 California online privacy laws tighten restrictions, but AB 1755 does the opposite. Known as the Medical Information Breach Notification Bill – it extended the notification grace period for patient data breaches from 5 to 15 days.
In addition, AB 1755 allows for email as an acceptable method of patient contact and notification. The law does stipulate, however, that email cannot be used unless the patient gives consent.
Pupil Records Privacy; 3rd-party contracts; digital storage services and digital educational software Assembly Bill No. 1584
Assembly Bill No. 1584 allows “educational agencies” (e.g., school districts, universities, etc.) to put both feet in the 21st century by granting leeway to contract cloud computing programs on a mass scale.
Pupil Records and Social Media Assembly Bill No. 1442
Another online privacy law protecting students, AB 1442 focuses on social media data. If school representatives collect information about students’ social media accounts, they’re not allowed to sell it, rent it or use it in an unauthorized manner. The law goes so far as to give “destruction instructions” for information inadvertently (or purposefully) collected.
Student Online Personal Information Protection Act Senate Bill No. 1177
Another student-focused online privacy law, Senate Bill No. 1177 addresses advertising in educational software. Essentially, the new law prohibits marketers from a) using in-app, targeted advertising and b) building student profiles using information gathered via platforms used in schools and other educational institutions. The law also calls for on-demand information deletion under certain circumstances.
Consult With An Online Privacy Lawyer
Kelly / Warner attorneys intimately understand the parameters of both state and federal online privacy regulations. If you run a website in the U.S., there’s a significant chance you’re beholden to not only California online privacy laws – but foreign (yep, foreign) statutes, too. If you have an online business presence, get a privacy audit with an experienced Internet lawyer.