California welcomed 2015 with a slew of new online privacy laws. If you run a commercial website – or otherwise collect personal data about users – there’s a good chance you’re beholden to California’s online privacy laws.
But why? You don’t operate out of California, right?
California’s online privacy laws aren’t only for websites and companies based in California, but apply to any and all commercial websites or apps available for use to California residents.
Below is a list of California’s latest digital privacy statutes. The state’s Online Privacy Protection Act law is still in effect, also. To speak with an Internet lawyer about an online privacy legal audit, head over here.
List of California Online Privacy Bills That Became Law In 2015
Privacy Rights for California Minors in the Digital World Senate Bill No. 568
Digitally marketing firearms, tobacco or alcoholic beverages to Californian’s minors is no longer legal. Neither is compiling personally identifiable information about people aged 17 and younger, nor enabling other people to do so. Think of SB 568 as “COPPA for teenagers.”
Data Breach Notification Amendments Assembly Bill No. 1710
Assembly Bill No. 1710 broadened the liability for data brokers holding (“own or license”) information on Californian residents. Specifically, the new law requires data brokers to:
“…implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.”
Patient Medical Breach Notification Period Extension Assembly Bill 1755
Most of the 2015 California online privacy laws tighten restrictions, but AB 1755 does the opposite. Known as the Medical Information Breach Notification Bill – it extended the notification grace period for patient data breaches from 5 to 15 days.
In addition, AB 1755 allows for email as an acceptable method of patient contact and notification. The law does stipulate, however, that email cannot be used unless the patient gives consent.
Pupil Records Privacy; 3rd-party contracts; digital storage services and digital educational software Assembly Bill No. 1584
In not so many words, Assembly Bill No. 1584 allows “educational agencies” (e.g., school districts, universities, etc.) to finally put both feet in the 21st century by granting leeway to contract cloud computing programs on a mass scale.
Pupil Records and Social Media Assembly Bill No. 1442
Another online privacy law protecting students, AB 1442 focuses on social media data. If school representatives collect information about students’ social media accounts, they’re not allowed to sell it, rent it or use it in an unauthorized manner. The law goes so far as to give “destruction instructions” for student social media account information inadvertently (or purposefully) collected.
Student Online Personal Information Protection Act Senate Bill No. 1177
Another student-focused online privacy law, Senate Bill No. 1177 addresses advertising in educational software. Essentially, the new law prohibits marketers from a) using in-app, targeted advertising and b) building student profiles using information gathered via software and platforms used in schools and other educational institutions. The law also calls for on-demand information deletion under certain circumstances.
Consult With An Online Privacy Lawyer
Kelly / Warner attorneys intimately understand the parameters of both state and federal online privacy laws and regulations. If you run a website in the U.S., there’s a significant chance you’re beholden to not only California online privacy laws – foreign (yep, foreign) statutes, too. If you have an online business presence, get a privacy audit with an experienced Internet lawyer. It won’t cost much – and definitely less than the fines you’ll avoid. Get in touch today.