Flying Cow Design Studio - Web and Print Design  
   
 

internet privacy law

Internet Privacy Laws: SB 27, AB 68 and your website.

Internet Marketing is the modern age miracle for Marketers. Getting your word out to the masses quickly and automatically, and at next to no cost retrieve customers details and information, is a boon for many companies.
But - Being the guardian of all of that personal information means additional responsibility.

Federal Implications
If a business directly (or indirectly via an agent) violates its own internet privacy policy, it is seen as carrying out deceptive or unfair trade practices and can be prosecuted by the Federal Trade Commission (the "FTC") under Section 5 of the FTC Act. Some businesses trying to make sure that they could not be prosecuted by the FTC, created a loophole by choosing not to publish a privacy policy at all, but where did that leave the consumer?

State Internet Privacy Protection
As this loophole allowed deceptive marketers to use customers information as they wished, state legislation was introduced to protect the consumer and close the loophole for the states residents. The State of California did this with SB 27 and AB 68.

SB 27
 Allows a customer to ask a business for exactly what information has been collected from them and whom they have shared it with. Businesses must comply with the request by listing the categories of information gathered, and the names and addresses of any direct marketers the information has been given to within 30 days of the request. The law is codified in Section 1798.83 of the California Civil Code.

Who it applies to;
 Any business that has a relationship with a customer and has disclosed customers personal information to a third party who will use the personal information for direct marketing purposes.

Exemptions;

  • Any business whose privacy policy publicy states that they will only disclose any personal information to third parties for direct marketing purposes if the customer is given explicit opt-in or opt-out capabilities by the third party.
  • Nonprofits.
  • Businesses with less than 20 full time or part time employees.
  • Political Fundraisers.
  • Financial Businesses that are already compliant with the California Financial Information Privacy Act.

SB 27 specifically states that if a customer has to accept a provision waiving his or her rights to the use of their private information, such a waiver is void and against public policy.

Requirements;
 A business must provide its customers with either a toll-free phone number, fax number, e-mail address or mailing address that can be used by its customers to request ...

  • Categories of information collected from the customer (e.g., name and address, e-mail, date of birth, race, religion, occupation, phone number, education, etc.), AND
  • Third Party Names and addresses of each direct marketer the business has supplied the personal information to during the previous year, AND
  • The Type of Products or Services the third party markets, AND
  • Train all employees (or their supervisors) to respond to a customer's request relating to use of the customer's personal information, OR
  • Add a link titled "Your Privacy Rights." to the home page of the business's web site that takes the customer directly to the business's general privacy policy. The first page following the link must describe the customer's rights under SB 27, and provide the customer with information on how to request information from the business. The link must be in larger type than the surrounding text, or in contrasting type, font or color.

AB 68
This is a broad law codified in Section 22575 of the California Business and Professions Code), which requires Web sites or online services to post privacy policies on their sites and to comply with them.

Who it applies to;
 Any operator of a commercial web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial web site or online service.

Requirements;
All online businesses must post a privacy policy on its web site or, if the business is an online service with no web site, must make the policy available by other reasonably accessible means. At a minimum, the privacy policy must ...

  • Provide details of how a consumer can review and ammend any of his or her personal information to the extent the business maintains a process for doing so
  • Describe the categories of personal information collected, and categories of third parties and their agents with whom the online business may share such information;
  • Describe the process by which the operator of the Web site or online service will notify consumers of material changes to its privacy policy; and
  • Identify the effective date of the privacy policy.

As with all laws, details are subject to change. If you would like the most up to date information we would be pleased to refer the lawyers we use, to you.

  
   

Portfolio | Services | Company | Methodology | Contact Us | Careers | Resources | Site Map

Silicon Valley · Las Vegas · Phoenix · Louisville · Kansas City · Houston · Chicago · Atlanta · New York · Auckland · Wellington
Copyright © 2005 Flying Cow Design Studio. Privacy Policy.