California's Online Privacy Regulation - Text of Bill AB 68
Recently, the California legislature authored Bill AB-68 to protect the privacy rights of consumers online. Personaweb has always tried to help customers comply with online rules, but you may want to consider consulting your attorney to make sure that you comply with all rules related to conducting business online. Here is a copy of the bill as signed and approved by the Governor on October 11, 2003. It is set to go into effect next year.
*** begin ***
BILL NUMBER: AB 68 CHAPTERED
BILL TEXT
CHAPTER 829
FILED WITH SECRETARY OF STATE OCTOBER 12, 2003
APPROVED BY GOVERNOR OCTOBER 11, 2003
PASSED THE ASSEMBLY SEPTEMBER 10, 2003
PASSED THE SENATE SEPTEMBER 8, 2003
AMENDED IN SENATE SEPTEMBER 3, 2003
AMENDED IN SENATE JULY 3, 2003
AMENDED IN ASSEMBLY APRIL 28, 2003
AMENDED IN ASSEMBLY APRIL 2, 2003
INTRODUCED BY Assembly Member Simitian
DECEMBER 11, 2002
An act to add Chapter 22 (commencing with Section 22575) to Division 8 of the Business and Professions Code, relating to privacy.
LEGISLATIVE COUNSEL'S DIGEST
AB 68, Simitian. Online Privacy Protection Act of 2003.
Existing law does not regulate the security and confidentiality of consumer personal and identifying information obtained by persons and entities engaged in online business transactions.
This bill would require an operator, defined as a person or entity that collects personally identifiable information from California residents through an Internet Web site or online service for commercial purposes, to conspicuously post its privacy policy on its Web site or online service and to comply with that policy. The bill, among other things, would require that the privacy policy identify the categories of personally identifiable information that the operator collects about individual consumers who use or visit its Web site or online service and 3rd parties with whom the operator may share the information. The bill would preempt and supersede laws of specified local government entities regarding the posting of a privacy policy on an Internet Web site. The bill would become operative on July 1, 2004.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. This act shall be known as, and may be cited as, the Online Privacy Protection Act of 2003.
SEC. 2. The Legislature finds and declares all of the following:
(a) Each operator of a commercial Web site or online service has an obligation to post privacy policies that inform consumers who are located in California of the Web site's or online service's information practices with regard to consumers' personally identifiable information and to abide by those policies.
(b) It is the intent of the Legislature to require each operator of a commercial Web site or online service to provide individual consumers residing in California who use or visit the commercial Web site or online service with notice of its privacy policies, thus improving the knowledge these individuals have as to whether personally identifiable information obtained by the commercial Web site through the Internet may be disclosed, sold, or shared.
(c) It is the intent of the Legislature that Internet service providers or similar entities shall have no obligations under this act related to personally identifiable information that they transmit or store at the request of third parties.
SEC. 3. Chapter 22 (commencing with Section 22575) is added to Division 8 of the Business and Professions Code, to read:
CHAPTER 22. INTERNET PRIVACY REQUIREMENTS
22575. (a) An operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site, or in the case of an operator of an online service, make that policy available in accordance with paragraph (5) of subdivision (b) of Section 22578. An operator shall be in violation of this subdivision only if the operator fails to post its policy within 30 days after being notified of noncompliance.
(b) The privacy policy required by subdivision (a) shall do all of the following:
(1) Identify the categories of personally identifiable information that the operator collects through the Web site or online service about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information.
(2) If the operator maintains a process for an individual consumer who uses or visits its commercial Web site or online service to review and request changes to any of his or her personally identifiable information that is collected through the Web site or online service, provide a description of that process.
(3) Describe the process by which the operator notifies consumers who use or visit its commercial Web site or online service of material changes to the operator's privacy policy for that Web site or online service.
(4) Identify its effective date.
22576. An operator of a commercial Web site or online service that collects personally identifiable information through the Web site or online service from individual consumers who use or visit the commercial Web site or online service and who reside in California shall be in violation of this section if the operator fails to comply with the provisions of Section 22575 or with the provisions of its posted privacy policy in either of the following ways:
(a) Knowingly and willfully.
(b) Negligently and materially.
22577. For the purposes of this chapter, the following definitions apply:
(a) The term "personally identifiable information" means individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form, including any of the following:
(1) A first and last name.
(2) A home or other physical address, including street name and name of a city or town.
(3) An e-mail address.
(4) A telephone number.
(5) A social security number.
(6) Any other identifier that permits the physical or online contacting of a specific individual.
(7) Information concerning a user that the Web site or online service collects online from the user and maintains in personally identifiable form in combination with an identifier described in this subdivision.
(b) The term "conspicuously post" with respect to a privacy policy shall include posting the privacy policy through any of the following:
(1) A Web page on which the actual privacy policy is posted if the Web page is the homepage or first significant page after entering the Web site.
(2) An icon that hyperlinks to a Web page on which the actual privacy policy is posted, if the icon is located on the homepage or the first significant page after entering the Web site, and if the icon contains the word "privacy." The icon shall also use a color that contrasts with the background color of the Web page or is otherwise distinguishable.
(3) A text link that hyperlinks to a Web page on which the actual privacy policy is posted, if the text link is located on the homepage or first significant page after entering the Web site, and if the text link does one of the following:
(A) Includes the word "privacy."
(B) Is written in capital letters equal to or greater in size than the surrounding text.
(C) Is written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language.
(4) Any other functional hyperlink that is so displayed that a reasonable person would notice it.
(5) In the case of an online service, any other reasonably accessible means of making the privacy policy available for consumers of the online service.
(c) The term "operator" means any person or entity that owns a Web site located on the Internet or an online service that collects and maintains personally identifiable information from a consumer residing in California who uses or visits the Web site or online service if the Web site or online service is operated for commercial purposes. It does not include any third party that operates, hosts, or manages, but does not own, a Web site or online service on the owner's behalf or by processing information on behalf of the owner.
(d) The term "consumer" means any individual who seeks or acquires, by purchase or lease, any goods, services, money, or credit for personal, family, or household purposes.
22578. It is the intent of the Legislature that this chapter is a matter of statewide concern. This chapter supersedes and preempts all rules, regulations, codes, ordinances, and other laws adopted by a city, county, city and county, municipality, or local agency regarding the posting of a privacy policy on an Internet Web site.
22579. This chapter shall become operative on July 1, 2004.
*** end ***