Business Consumer Alliance Blog

Is Your Privacy Policy In Compliance?

Today, so much of our personal information is shared and stored on phones, computers, and online. It’s critical that strong privacy programs are in place to safeguard consumers and our economy. Businesses should have clear and transparent privacy policies that reflect the state’s privacy laws and allow consumers to make informed decisions. California Attorney General, Kamala D. Harris, recently issued a guide to help businesses comply with changes to the California Online Privacy Protection Act (“CalOPPA”), which became effective January 1, 2014.

CalOPPA requires that operators of commercial websites, online services, and mobile applications that collect personally-identifiable information from California's residents conspicuously post and comply with a privacy policy that meets certain requirements. The privacy policy must detail the kinds of information gathered by the website, how the information may be shared with other parties, and, if applicable, describe the process the user can use to review and make changes to their stored information. It also must include the policy's effective date and a description of any changes since then.

In addition to these disclosures, the recent amendment to the Act requires online operators to disclose how they respond to Internet browser “Do-Not-Track” signals or other mechanisms that enable consumers to exercise choice regarding the collection of such information. This information may be included in the privacy policy itself or by a hyperlink to a web page that describes any program or protocol followed by the operator that offers consumers choice about online tracking. Another amendment to the Act requires privacy policies to state whether other parties may collect personally-identifiable information when a consumer uses the operator’s website or services.

To comply with the Act and its modifications, the guide’s key recommendations include:

  • Prominently label the section of your policy regarding online tracking. For example: “California Do-Not-Track Disclosures.”
  • Describe how you respond to a browser’s Do-Not-Track signal or similar mechanism within your privacy policy instead of providing a link to another website.
  • If third parties are or may be collecting personally-identifiable information, say so in your privacy policy.
  • Explain your uses of personally-identifiable information beyond what is necessary for fulfilling a customer transaction or for the basic functionality of the website or app.
  • Describe what personally-identifiable information you collect from users, how you use it, and how long you retain it.
  • Describe the choices a consumer has regarding the collection, use, and sharing of his or her personal information.
  • Use plain, straightforward language that avoids legal jargon and use a format that makes the policy readable, such as a layered format. Use graphics or icons instead of text.

Online operators of websites and mobile applications should take time to review their privacy policies to determine whether changes are necessary to meet the CalOPPA amendments. Failure to provide the proper disclosures may lead to enforcement by the Department of Justice’s Privacy Enforcement and Protection Unit, which is responsible for enforcing state and federal privacy laws.

To view the guide entitled “Making Your Privacy Practices Public”, visit the California Attorney General’s website, or call their public inquiry unit at (916) 322-3360.

About Business Consumer Alliance:

Business Consumer Alliance (BCA) is a non-profit that started in 1936. The broad purpose of BCA is to promote business self-regulation. BCA's mission is achieved by assisting consumers in resolving complaints with businesses and using that complaint information, along with other relevant information like customer reviews, to forecast business reliability. With community support, BCA can identify trustworthy and ethical businesses and warn the public to avoid unscrupulous businesses whose purpose is to defraud the marketplace. BCA obtains its funding from member businesses who support the mission and purpose of the organization and who agree to abide by high standards of ethical business practices.