What is CalOPPA?
California Online Privacy Protection Act (CalOPPA) is a state law that went into effect in 2004 and requires commercial websites and online services that collect personal information on California residents to conspicuously post and comply with a privacy policy.
CalOPPA requires that websites must post a privacy policy, through a visible homepage link that contains the word “privacy” and this policy must list:
- Types of personal data collected
- Categories of third-party data shared with
- Process for users to access and update their data
- How updates to the policy are communicated
- Policy effective date
- If sites honor “Do Not Track” browser settings
- If third parties collect user data
There are no direct penalties for CalOPPA violations, but it allows lawsuits under California’s Unfair Competition Law. Fines can go up to $2,500 per violation.