New CA Privacy Disclosure Requirements Clarified By AG

California has a number of privacy notice requirements for businesses collecting data from California residents, including as of January 1 of this year a requirement that websites, mobile apps and online services make certain disclosures regarding how they respond to browser and other “do not track signals” and regarding the presence and functionality of tracking technologies of third parties associated with their site, app or service. The California Attorney General (CA AG), whose office has been very active in both bringing enforcement actions and working with industry to develop voluntary adoption of best practices, has recently issued a guidance document that helps explain how to comply with the most stringent online consumer privacy laws in the country. It includes an entire section dedicated to explaining how the AG believes companies should provide disclosures regarding the tracking of consumers across time and locations, the foundation of interest-based or behavioral advertising. Companies should assesses their data privacy and security practices at least annually, and ensure that policies are accurate and that the clearly and conspicuously disclose all material data practices in an easily understandable manner. The AG’s new guidance provides suggestions on how to improve readability and as to what the AG believes rises to the level of material practices that must be disclosed. It also recommends layered policies, the practice of providing short explanations of the most materials points in plain language, with a click through to  more detail, especially for mobile. BakerHostetler’s Chamber’s recognized Privacy and Data Protection team has long taken these types of approaches to privacy policies, and helps clients develop and manage comprehensive data privacy and security assessment and compliance programs. If your company has yet to institute such a program, or you have not done an assessment as part of such a program since the new California laws went into effect in January, now is a good time to examine these issue and the CA AG’s new guidance document provides a helpful resource.

For more information see “Making Your Privacy Practices Public” or contact Alan Friel (afriel@bakerlaw.com or 310.442.8860).