Internet marketing is the modern age miracle for marketing strategists. Getting your word out to the masses quickly and automatically, and at next to no-cost retrieve customer’s data, is a boon for many companies.
However, being the guardian of all of this personal data means additional legal responsibility due to the threat of invasion of privacy.
State Internet Privacy Protection
California S.B. 27, “Shine the Light” Law
The Shine the Light Law allows customers to ask a business for exactly what information has been collected from them and whom they have shared it with. Businesses must comply with the request by listing the categories of information gathered, and the names and addresses of any direct marketers the information has been given to within 30 days of the request. The law is codified in Section 1798.83 of the California Civil Code.
This law applies to any business that has a relationship with a customer and has disclosed a customer’s personal data to a third party who will use the data for direct marketing purposes.
- Non-profit organizations
- Businesses with less than 20 full time or part-time
- Political fundraisers.
- Financial businesses that are already compliant with the California Financial Information Privacy Act.
S.B. 27 states explicitly that if a customer must accept a provision waiving his or her rights to the use of their private information, such a waiver is void and against public policy.
A business must provide its customers with either a toll-free phone number, fax number, e-mail address or mailing address that can be used by its customers to request the following:
- Categoriesof information collected from the customer (e.g., name and address, e-mail, date of birth, race, religion, occupation, phone number, education, ), AND
- Third Party Namesand addresses of each direct marketer the business has supplied the personal information to during the previous year, AND
- The Type of Products or Servicesthe third-party markets, AND
- Train all employees(or their supervisors) to respond to a customer’s request relating to the use of the customer’s personal data, OR
AB 68, Online Privacy Protection Act (CalOPPA)
This is a broad law codified in Section 22575 of the California Business and Professions Code, which requires websites or online services to post privacy policies on their sites and to comply with them. These websites must also disclose if they are tracking online visits.
AB 68 applies to any operator or owner of a commercial website or online service that collects a California resident’s personally identifiable data during use of their website. This law does not apply to entities which store personal data for third-parties like Internet Service Providers (ISP).
- Provide detailsof how a consumer can review and amend any of his or her personal information to the extent the business maintains a process for doing so
- Describe the categoriesof personal data collected and categories of third parties and their agents with whom the online business may share such information;
With technology changing so quickly, some laws become outdated very quickly. However, they are already in place, and some parts of those laws are still relevant.
The Electronic Communications Privacy Act of 1986 (ECPA)
In the beginning of the internet and intranet, email and internet phone calls brought about privacy issues. ECPA protects those emails and phone calls, meaning they cannot be read or intercepted without a warrant.
The downside of this law is that this only applies to public servers. ECPA does not protect an employer-owned, or privately owned, server. Also, any emails which remain more than 180 days on a server are abandoned and are subject to being opened by an unintended recipient with a subpoena.
The US Patriot Act
After the September 11 terrorist attack, the government made it legal for the FBI and such entities to read all communications they deem as a terrorist act. It did not take long for this law to become irrelevant and abused. However, in 2015 the Patriot Act was amended with the Freedom Act to further protect citizens online behavior and communications.
The Recent Internet Privacy Rollback
The Recent Internet Privacy Act was intended to revoke a law stating Internet Service Provider’s (ISPs) must disclose their intention of use with a consumer’s personal data. Internet Service Providers would also have to disclose if third-parties received this data, have a plan in place in case of a security breach and provide the same price for all internet security tiers.
As with all laws, details are subject to change. If you would like the most up-to-date information, Flying Cow Design can help with lawyer referrals.