If You Want Personal Info from CA Residents, You Need a Privacy Policy
Any Website provider or online service – including any mobile app – that collects personally identifiable information from users residing in California needs to have, and must conspicuously post, a privacy policy. The details are set forth in Business and Professions Code Sections 22575 through 22579.
Personally identifiable information includes, but is not necessarily limited to:
- First and last name
- Physical address, including street name and name of a city or town
- Email address
- Telephone number
- Social security number
- Any other identifier that permits the physical or online contacting of a specific individual
The privacy policy must:
- Identify the categories of personally identifiable information that the operator collects
- Provide a description of the process, if one exists, by which users may review, and request changes to, their personally identifiable information
- Describe the process by which users are notified of changes to the policy
- Identify its effective date
Section 22577(b) describes, in detail, ways that the requirement to conspicuously post the policy can be satisfied.
These requirements are enforced by the Office of the Attorney General.
Dana H. Shultz, Attorney at Law +1 510 547-0545 dana [at] danashultz [dot] com
This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact a lawyer directly.
Dana Shultz is a business-savvy lawyer located in Northern California's San Francisco Bay Area (in the East Bay, near Oakland) who has in-depth knowledge of law, business, technology, and the needs of startup and early-stage companies.