California has taken a leading role in protecting the privacy interests of its residents. Numerous laws regulate online practices that can affect a person's privacy.
One of those laws is the California Online Privacy Protection Act. The purpose of the Act is to make sure people understand their privacy rights, and to ensure that website owners have policies and mechanisms in place for protecting those interests.
If your website sells a product or service to California residents the California Online Privacy Protection Act applies. The Act requires commercial websites to disclose what is done with private information of its users.
Private information includes their name, address, email address, phone number, social security number, and other similar identifiers. The website must then conspicuously post the categories of private information it collects, any process a person has for reviewing or making changes to that information, how website visitors are informed of privacy policy changes, and the effective date of the policy.
It is not very difficult to comply.
However, many generic privacy policies found on the web are inadequate and do not include the required terms and information. Finding or copying a free privacy policy does not do a website owner any good. In fact, it may unnecessarily highlight an issue or cause legal problems for the website.
According to California's law a website operator informed of legal compliance has 30 days to take corrective action. Since the law does not specify who is to give the notice, apparently anyone can.
Generally, the privacy policy should be linked from the home page of the website. The link should include the word -privacy- and be conspicuous, such as in all caps, contrasting type, or larger font.