New Data Privacy Laws - Will Other States Follow California?

California is leading the way in enacting two new laws that will come into effect on January 1, 2014—one related to data security breach notification and another related to new requirements for disclosure of tracking practices. California law had already imposed a requirement to provide notice to affected customers of unauthorized access to, or disclosure of, personal information. However, S.B. 46 added to the current data security breach notification requirements to include a user name or email address. Previously, breach notification in California was triggered by the unauthorized acquisition of an individual’s first name or initial and last name in combination with another element (such as a social security number, a driver’s license number, account or credit card number along with security or access codes, or medical or health information). S.B. 46 expanded the categories of information and requires notification of unauthorized access to user credential information even if that information is encrypted. Therefore, S.B. 46 greatly expanded the circumstances where notification may be required.

The California Online Privacy Protection Act (CalOPPA) has also been amended through A.B. 370 to require companies that collect personally identifiable information online to specifically include information about how they respond to “do not track” signals so that consumers have the ability to exercise choice over the collection of their personal information across online services, and whether third parties may collect personally identifiable information about a consumer’s online activities over time and across different websites. These disclosures have to be included in a company’s privacy policy, and these provisions will apply to most successful online businesses. In order to comply, companies may provide a clear and conspicuous hyperlink in their privacy policy to an online description of any program or protocol the company follows that offers the user that choice, including its effects.

Sources: http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140SB46 http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140AB370

For more information on this topic, please visit our Online Privacy service page.

Klemchuk LLP is an Intellectual Property (IP), Technology, Internet, and Business law firm located in Dallas, TX.  The firm offers comprehensive legal services including litigation and enforcement of all forms of IP as well as registration and licensing of patents, trademarks, trade dress, and copyrights.  The firm also provides a wide range of technology, Internet, e-commerce, and business services including business planning, formation, and financing, mergers and acquisitions, business litigation, data privacy, and domain name dispute resolution.  Additional information about the IP law firm and its IP law attorneys may be found at www.klemchuk.com.

Klemchuk LLP hosts Culture Counts, a blog devoted to the discussion of law firm culture and corporate core values with frequent topics about positive work environment, conscious capitalism, entrepreneurial management, positive workplace culture, workplace productivity, and corporate core values.