If a California resident accuses you of violating the law, which extends current state privacy law to cover Web sites and online services, you get 30 days to fix the problem. If you don't, that resident could sue you.
List all the categories of personal information
you collect at your site and whom you share that information
("Personal information" is full name, address, email address, phone, Social Security number, anything else that would let you reach an individual and anything you collect in a cookie or other online device.Condition 2:
Explain whether and how visitors can review and change their personal information
Explain how you notify users
Post the policy's effective date
Esteemed ContentBiz Publisher Anne Holland also found three vague areas in the law, too: Grey Area #1. Email programs
Check with your own legal advisers if the term "online service" equals your emails to house lists. We suspect it does. So, you may have to make your privacy link much more conspicuous there.Grey Area #2. Landing pages
Also, check with legal to see if you should assume the Act extends to campaign microsites and landing pages which may not be obviously part of your main site. We suspect it may, and this means you'll need to change your privacy policies there, too.Grey Area #3. Third-party-hosted registration forms
If you collect any consumer data using third-party services such as a co-registration deal, an online lead generation service, or a co-branded marketing presence, check with legal to see if you need to fret about your partner's privacy links and statements. We suspect you do.
You can read the law here (go ahead and check it out; it's short and written in what to bureaucrats is plain English):http://www.leginfo.ca.gov/pub/bill/asm/