The High-touch Legal Services® Blog…for Startups!

© 2009-2021 Dana H. Shultz

If You Want Personal Info from CA Residents, You Need a Privacy Policy

Seal of the California Attorney General, who addressed privacy policy requirements

Any Website provider or online service – including any mobile app – that collects personally identifiable information from users residing in California needs to have a privacy policy. And that privacy policy must be posted conspicuously. The details are set forth in Business and Professions Code Sections 22575 through 22579.

Personally identifiable information includes, but is not necessarily limited to:

  • First and last name
  • Physical address, including street name and name of a city or town
  • Email address
  • Telephone number
  • Social security number
  • Any other identifier that permits the physical or online contacting of a specific individual

The privacy policy must:

  • Identify the categories of personally identifiable information that the operator collects.
  • Provide a description of the process, if one exists, by which users may review, and request changes to, their personally identifiable information.
  • Describe the process by which users are notified of changes to the policy.
  • Identify its effective date.

Section 22577(b) describes, in detail, ways that the requirement to conspicuously post the policy can be satisfied.

These requirements are enforced by the Office of the Attorney General.

Related posts:

Dana H. Shultz, Attorney at Law  +1 510 547-0545  dana [at] danashultz [dot] com
This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact a lawyer directly.