The High-touch Legal Services® Blog…for Startups!

If You Want Personal Info from CA Residents, You Need a Privacy Policy

November 14, 2012 at 3:35 pm Comments disabled

Seal of the California Attorney General, who addressed privacy policy requirements

Any Website provider or online service – including any mobile app – that collects personally identifiable information from users residing in California needs to have a privacy policy. And that privacy policy must be posted conspicuously. The details are set forth in Business and Professions Code Sections 22575 through 22579.

Personally identifiable information includes, but is not necessarily limited to:

First and last name
Physical address, including street name and name of a city or town
Email address
Telephone number
Social security number
Any other identifier that permits the physical or online contacting of a specific individual

The privacy policy must:

Identify the categories of personally identifiable information that the operator collects.
Provide a description of the process, if one exists, by which users may review, and request changes to, their personally identifiable information.
Describe the process by which users are notified of changes to the policy.
Identify its effective date.

Section 22577(b) describes, in detail, ways that the requirement to conspicuously post the policy can be satisfied.

These requirements are enforced by the Office of the Attorney General.

Related posts:

Dana H. Shultz, Attorney at Law +1 510 547-0545 dana [at] danashultz [dot] com
This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact a lawyer directly.

Categories
Privacy

Tags
California, Mobile app, Online service, Privacy Policy, Website

« What is a Board of Directors?

Can a Partnership Have Just One Partner? »