The California Online Privacy Protection Act (CalOPPA) is a privacy law in California that requires commercial websites and online services that collect personally identifiable information (PII) about California residents to conspicuously post a privacy policy on their websites.
CalOPPA was enacted in 2003 and is intended to help consumers understand what personal information is being collected about them and how it will be used, as well as giving them the ability to make informed choices about sharing their personal information with websites and online services.
CalOPPA applies to any commercial website or online service that collects PII from California residents, regardless of where the website or service is located.
PII includes information like a person’s name, address, email address, social security number, and other data that could be used to identify an individual.
Under CalOPPA, website and online service operators must include the following information in their privacy policies:
- The categories of PII that the website or service collects
- The categories of third parties with whom the website or service shares PII
- A description of the process for users to review and request changes to their PII, if such a process exists
- A description of how the website or service responds to web browser “Do Not Track” signals, if applicable
- The effective date of the privacy policy
In addition, the privacy policy must be “conspicuously posted” on the website or online service, typically by providing a link to the policy on the homepage or in the footer of the site.
Failure to comply with CalOPPA can result in penalties of up to $2,500 per violation, which can add up quickly for large websites or online services with many California-based users. Because of this, it’s important for businesses to make sure they comply with the law and have an up-to-date privacy policy in place.
