SMITH SHAPOURIAN MIGNANO PC - SAN FRANCISCO LAW FIRM FOR STARTUPS AND SMALL BUSINESSES
  • Home
  • About Us
    • Teela Crosthwaite Smith
    • Neda Shapourian
    • Lindsey S. Mignano
    • Kelly Lawton-Abbott
    • Jason D. Crain
    • Amy Carpio-Bruno
    • Jordan T. Lee
  • Services
  • News
  • Blog
  • DEI Policy
  • Contact
  • Home
  • About Us
    • Teela Crosthwaite Smith
    • Neda Shapourian
    • Lindsey S. Mignano
    • Kelly Lawton-Abbott
    • Jason D. Crain
    • Amy Carpio-Bruno
    • Jordan T. Lee
  • Services
  • News
  • Blog
  • DEI Policy
  • Contact
Search

blog

website Privacy policies: why your business website probably needs one

7/13/2016

1 Comment

 
California businesses with “Contact Us” forms on their websites must comply with the requirements of the California Online Privacy Protection Act (“OPPA”).  This means that the businesses likely should: (1) have a written privacy policy in place from inception of the website; and (2) “conspicuously post” their privacy policy on their website.  See California Business and Professions Code Section 22577(b).

Requesting “Personally-Identifiable Information” on Your “Contact Us” Page

As a preliminary matter, most “Contact Us” forms on business websites request at least some of the following “personally identifiable information” from prospective customers/clients visiting the website:

(1) A first and last name.
(2) A home or other physical address, including street name and name of a city or town.

(3) An e-mail address.
(4) A telephone number.
(5) A social security number.
(6) Any other identifier that permits the physical or online contacting of a specific individual.


See California Business and Professions Code Section 22577(a).  

As a result, most businesses with “Contact Us” forms must provide website visitors with the link to access their business' privacy policy on their website.  

“Conspicuously Post” Your Privacy Policy

The privacy policy link must be displayed on the website in a manner that is “conspicuous.”  This means that the privacy policy must be displayed on:

(1) A Web page on which the actual privacy policy is posted if the Web page is the homepage or first significant page after entering the Web site.

(2) An icon that hyperlinks to a Web page on which the actual privacy policy is posted, if the icon is located on the homepage or the first significant page after entering the Web site, and if the icon contains the word "privacy." The icon shall also use a color that contrasts with the background color of the Web page or is otherwise distinguishable.

(3) A text link that hyperlinks to a Web page on which the actual privacy policy is posted, if the text link is located on the homepage or first significant page after entering the Web site, and if the text link does one of the following:
(A) Includes the word "privacy."
(B) Is written in capital letters equal to or greater in size than the surrounding text.
(C) Is written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by
symbols or other marks that call attention to the language.


(4) Any other functional hyperlink that is so displayed that a reasonable person would notice it.

(5) In the case of an online service, any other reasonably accessible means of making the privacy policy available for consumers of the online service.

See California Business and Professions Code Section 22577(b).

Non-Compliance with the California Online Privacy Protection Act

A business that fails to include a privacy policy on its website but nevertheless collects “personally identifiable information” from visitors who reside in California shall be in violation of Section 22576 of the California Business and Professions Code if the failure is: (a) knowing and willful; or (2) negligent and material.  

Furthermore, a business can also be liable for non-compliance with OPPA in cases where a business includes a privacy policy on its website, but nonetheless fails to comply with the terms of the privacy policy.

Non-compliance can result in a costly lawsuit.  For example, in late 2012, the State of California filed a lawsuit against Delta Airlines alleging that "the Fly Delta [mobile application] on multiple platforms still does not have a privacy policy conspicuously posted, i.e., reasonably accessible to consumers within the [mobile application]."  The complaint's sole cause of action alleged that Delta was in violation of the California’s Unfair Competition Law (“UCL”) by committing "unlawful, unfair, or fraudulent business acts and practices," including, but not limited to, the following: (a) “knowingly and willfully” or “negligently and materially” failing to conspicuously post a privacy policy in its Fly Delta mobile application; and (b) by “knowingly and willfully” or “negligently and materially” failing to even comply with the website privacy policy posted on the Delta website.  In its prayer for relief, the State sought: (1) $2,500 for each violation of the UCL; (2) injunctive relief enjoining Delta from committing any acts of unfair competition; and (3) an award of costs of the lawsuit including attorney fees and investigation costs.  While this lawsuit was later defended on appeal based on preemption grounds that were specific to the case itself (i.e., the Airline Deregulation Act of 1978 preempted the UCL lawsuit), this case provides an example of how businesses may be sued by the State for non-compliance with OPPA, and the types of damages for which businesses may be liable.  Click here for the decision.

Smith Shapourian & Mignano, LLP is available to answer any questions or concerns you may have regarding your business’ privacy policy, as well as to defend your business against allegations of OPPA violations.  Please contact us for a consultation.

This blog does not constitute solicitation or provision of legal advice, and does not establish an attorney-client relationship. This blog should not be used as a substitute for obtaining legal advice from an attorney licensed or authorized to practice in your jurisdiction. You should always consult a suitably qualified attorney regarding any specific legal problem or matter in a timely manner, as statutes of limitations may bar your claim.
1 Comment
Gary Labrecque link
11/7/2022 10:27:09 am

The icon shall also use a color that contrasts with the background color of the Web page or is otherwise distinguishable. I truly appreciate your great post!

Reply



Leave a Reply.

    Archives

    October 2022
    September 2022
    September 2021
    June 2021
    May 2021
    March 2021
    January 2021
    December 2020
    October 2020
    September 2020
    August 2020
    June 2020
    May 2020
    April 2020
    March 2020
    January 2020
    June 2019
    April 2019
    March 2019
    February 2019
    November 2018
    October 2018
    September 2018
    May 2018
    April 2018
    March 2018
    February 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    January 2017
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016

    Categories

    All
    83(b) Elections
    Arbitration
    Benefit Corporation
    Bootstrapping
    Business Name
    Buy-Sell Agreement
    Cannabis
    CBD
    Cloud
    Commercial Lease
    Contracts
    Conversion
    Coronavirus
    Crowdfunding
    Delaware Flip
    Dissolution
    Early Hires
    Employers
    Employment Law
    Entrepreneurs
    Entrepreneur Spotlight
    Financials
    Funding/Financing
    GDPR
    Guest Blogger
    Health Care
    HR
    Industrial Hemp
    Insurance
    IT Solutions
    Joint Ventures
    Litigation
    LLC
    LOEN
    Logo
    Marketing
    Non Profits
    Non-Profits
    Partnerships
    Patent
    Pitch Deck
    Privacy Policy
    Professional Corporation
    Raising Money
    S Corp
    Securities
    Settlement
    Small Business
    Sole Proprietorship
    Startups
    Stock Options
    Tax
    Trademarks
    Website

    RSS Feed


​© 2022 Smith Shapourian Mignano PC.  All Rights Reserved.
Privacy Policy 
Terms of Use
Accessibility Statement

Attorney Advertising 
​Client Reviews & Testimonials

​

  • Home
  • About Us
    • Teela Crosthwaite Smith
    • Neda Shapourian
    • Lindsey S. Mignano
    • Kelly Lawton-Abbott
    • Jason D. Crain
    • Amy Carpio-Bruno
    • Jordan T. Lee
  • Services
  • News
  • Blog
  • DEI Policy
  • Contact