Personally identifiable information means individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form, including any of the following: (1) first and last name, (2) home or other physical address, including street name and name of a city or town, (3) e-mail address, (4) telephone number, (5) Social Security number, (6) any other identifier that permits the physical or online contacting of a specific individual, or (7) information concerning a user that the website or online service collects online from the user and maintains in personally identifiable form in combination with an identifier described in the Act (California Bus. and Prof. Code Section 22577(a)).
- identify the categories of personally identifiable information that the operator collects through the website or online service about individual consumers who use or visit its commercial website or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information;
- provide a description of any process for an individual consumer who uses or visits its commercial website or online service to review and request changes to any of his or her personally identifiable information that is collected through the website or online service;
- identify its effective date.
California Bus. and Prof. Code Section 22575(b).
- includes the word "privacy,"
- is written in capital letters equal to or greater in size than the surrounding text, or
- is written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language;
- any other functional hyperlink that is so displayed that a reasonable person would notice it; or
California Bus. and Prof. Code Section 22577(b).
Ramifications for Noncompliance
The Act is one of the privacy laws that the Privacy Enforcement and Protection Unit in the California Department of Justice is charged with enforcing. The mission of this unit, which was created in July, is to enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government, including laws regarding cyber privacy, health privacy, financial privacy, identity theft, government records, and data breaches.
This article was first published on IRMI.com and is reproduced with permission. Copyright 2012, International Risk Management Institute, Inc.