Does Your Website Privacy Policy Violate The Law?

June 24, 2011

Virtually every business has a website, and nearly every website has (or should have) a privacy policy describing how personal information gathered through the website is used and disclosed. What many businesses don't realize is that there's a California law that imposes some very specific requirements regarding the content and placement of those online privacy policies.

The law is called the California Online Privacy Protection Act of 2003 and, on June 4, fourteen consumer groups sent a letter to Google stating their view that Google was not in compliance with the law because its privacy policy was not displayed prominently enough on its website. Google's home page is uncluttered (some would say stark) by design. Google's privacy policy is not linked directly on the home page, but can be accessed after clicking "About Google" at the bottom of the home page. The consumer groups charge that this does not satisfy the California law's requirement that a privacy policy be posted on the home page or the first "significant page after entering the website." The consumer groups signing the letter included the Electronic Privacy Information Center, the ACLU of Northern California, the Center for Digital Democracy and the World Privacy Forum.

The California law applies to your website if you are the operator of a commercial website that gathers "personally identifiable information" online. Any website that gathers personal information from California residents is subject to the law. This is yet another example of how California privacy laws establish a de facto national standard for the privacy practices of national companies.

Your online privacy policy may not comply with the California statute if:

1. Your policy does not describe how you gather, use and disclose personally identifiable information;

2. Your policy is not "conspicuously posted," in accordance with the statute's very specific standards; or

3. Your policy does not include an effective date.

Complying with the Online Privacy Protection Act is not particularly difficult, but it is very difficult if you aren't even aware that the statute applies to you ...
