We’ve talked before about GDPR, the European General Data Protection Regulation which came into effect in May 2018. The GDPR was a big step forward for data privacy and privacy by design, and aims to be very far-reaching.
But there is another privacy regulation that predates the GDPR by fifteen years and also affects your website. Unlike GDPR, which is an overarching policy about consumer privacy both online and offline, the California Online Privacy Protection Act of 2003 (CalOPPA) focuses on consumer data protection through clear website privacy policies about how websites handle personally identifiable information. Personally identifiable information includes name, date of birth, address, social security number, email, phone number, IP address, and any number of other elements which would allow a physical person to be identified.
Like GDPR, however, CalOPPA has a broad scope: it applies to any website accessible to a user from California. This means it affects every website out there, just as GDPR applies to any websites European users may visit.
How can your website comply with CalOPPA?
- Include the categories of personally identifiable information collected by the website owner.
- Note the categories of third parties with whom the website owner may share that information.
- Explain how the user can review and request changes to his or her personally identifiable information.
- Explain how the website responds to Do Not Track signals from browsers.
- Tell whether third parties may collect visitors’ personally identifiable information on the website.
If you’ve read our posts on GDPR, you’ll notice that there is a lot of overlap here. Privacy by design and transparency with your visitors are the name of the game.
If you need help making your website compliant with CalOPPA or GDPR, get in touch.