What is CalOPPA?

California Online Privacy Protection Act (CalOPPA) is a state law that went into effect in 2004 and requires commercial websites and online services that collect personal information on California residents to conspicuously post and comply with a privacy policy.

CalOPPA requires that websites must post a privacy policy, through a visible homepage link that contains the word “privacy” and this policy must list:

  • Types of personal data collected
  • Categories of third-party data shared with
  • Process for users to access and update their data
  • How updates to the policy are communicated
  • Policy effective date
  • If sites honor “Do Not Track” browser settings
  • If third parties collect user data

There are no direct penalties for CalOPPA violations, but it allows lawsuits under California’s Unfair Competition Law. Fines can go up to $2,500 per violation.