It’s understandable if you don’t think that website privacy policies are not on the top of your newsfeed. Apparently, Google, the world’s most popular website, changed its website’s privacy policy in June 2016, and nobody noticed. However, that anonymity may change soon, because the California Attorney General’s office is now providing a complaint form that consumers can fill out online to complain about the lack of, or deficiencies to, a website’s privacy policy. If your company hosts a website that collects information that can identify individuals, California law requires that the website have a privacy policy.

The California Online Privacy Protection Act (“CalOPPA”), California Business & Professions Code § 22575, states that a website’s privacy policy needs to disclose how it safeguards users’ personal information. Specifically, a privacy policy must:

  1. Identify what information the website collects, and with which types of persons or entities the website shares the information;
  2. Describe the process by which a user can review and request changes to the user’s information;
  3. State how the website operator will notify users of changes to the privacy policy;
  4. State the policy’s effective date;
  5. State how the website responds to “Do Not Track” signals or other ways in which personally identifiable information is used, including by other websites; and
  6. Disclose whether other parties may can collect personally identifiable information of users.

As CalOPPA violations can result in fines up to $2,500 for each download of information under Cal. Business & Professions Code 17206, the cost of not following the law can be many times more than the cost of fixing the problem.

It can be easy to miss how your website can harvest personally identifiable information, whether it is by joining mailing lists, or submitting requests for further information. Privacy policies can be fixed quickly and easily – and fixing them is a lot less hassle than a complaint filed by a competitor or disgruntled user.