
As in many other areas of law, the State of California has been on the front line of bringing about aggressive changes in the laws concerning protection for online consumers. The economic power and size of California, in addition to being the primary locus for much of the startup activity in the technological world, means that the cost of doing business for many companies includes compliance with California privacy law. Many elements of privacy protection, which are merely recommended by the Federal Trade Commission and other regulatory bodies, are required by statute in California. A prime example is the Online Privacy Protection Act. Technology law scholars, Richard Raysman and Peter Brown, note that the law “requires that any collection of personally identifiable information from California residents through a Web site or online service for commercial purposes be done pursuant to a conspicuously posted privacy policy.” [1] Federal law creates no such requirement for disclosure.
In January of 2005, the state also passed the California Security of Information Law, which specifies businesses must ensure that personal information (defined by statute as name, driver license, Social Security Number, and any financial account numbers including credit cards) is properly protected. Although certain sections of this law has been preempted by federal information security regulations (under HIPAA, Gramm-Leach-Bliley Act, Fair and Accurate Credit Transactions Act, etc…), much of it is still in effect. In addition, Cal. Civ. Code § 1798.81.5, mandates that companies mandate appropriate security measures to protect personal information from unauthorized disclosure.[2] California also has more stringent requirements about the disclosure of information to direct marketers and, pursuant to Cal. Civ. Code § 1798.81.5, requires specific provisions in contracts between companies and thirds parties where private personal information will be communicated to a third party.
Furthermore, under Cal. Civ. Code § 1798.82, companies are liable for security breaches that occur as a result of third party service providers. Business must promptly notify California residents when their personal information was potentially compromised, whether or not they have any actual liability for the breach. Required disclosures for when breaches occur included specific information about the type of breach that occurred and the timing of the breach.[3] The state has assembly has since softened the notice requirement by allowing an entity to provide substitute notice by posting information about the breach on the company’s website. This measure has significantly reduced the cost of notice for startups and small businesses, but the cost of assessing the breach and what specific information was compromised still remains. California was also the first state to establish a centralized method of reporting, recording and cataloging security breaches.
[1] Richard Raysman and Peter Brown, Computer Law: Drafting and Negotiating Forms, CLDNF § 15.02 (2009).
[2] Jeffrey D. Neuburger, Technology, The Internet and Electronic Commerce: Staying Interactive in the High-Tech Environment, A Summary of Recent Developments in the Law. 927 PLI/Pat 699, (February-April 2008)
[3] Cal. Civ. Code §1798.83 et seq.
"Sam is a wonderful, results-oriented and extremely knowledgeable and talented attorney, who really has 'heart' in working on behalf of his clients, and explains options in a straightforward, respectful manner. He has assisted us with great outcomes which have added to our quality of life. I would not hesitate to recommend Sam for his services as he is an ethical, personable and expert attorney in his field. You will likely not be disappointed with Sam's work ethic, approach and his efforts."
-Aileen Dwight, Licensed Clinical Social Worker & Psychotherapist
Last updated: June 3, 2023
Our best stuff: secrets, tax saving tools, and tax defense strategies from the braintrust at Brotman Law.
These ten big ideas will change the way you think about your taxes and your business.
Find the articles and videos you need to make the right tax decisions in the learning center.
It is not just about what we do, but who we are, why we do it, and how that benefits you.
Meet with us to outline your strategy. No further obligation, 100% money-back guarantee.
According to United States bankruptcy law, an automatic stay is defined as an automatic injunction,...
4 min read
Robert Wood, tax expert and frequent contributor to Forbes.com, wrote that “many would-be former...
12 min read
There is a generous tax benefit that only select taxpayers qualify for. Not well known, it is...
12 min read
We'll answer your most pressing tax law questions in 15 minutes. Please choose a time below that works best for you.
IRS Circular 230 Disclosure: To ensure compliance with requirements imposed by the IRS, I must inform you that any U.S. federal tax advice contained in this website is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter contained in this website.
COMMENTS