CalOPPA is a state law that governs what online service operators must do if they collect personally identifiable information (PII) about users. The Online Privacy Protection Act (OPPA) pertains to Los Angeles businesses that engage in business on the web (apps, retailers…).
What is personally identifiable information (PII)?
In this context, PII is “information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” As an experienced Los Angeles business lawyer will tell you, this broad definition includes almost any type of information, depending on how it is used. Additionally, PII does not have to identify a person by name. If enough information is collected under a pseudonym, then persons may be considered “identified” for purposes of the law.
This is a California law and my business is not based in California. Why should I care?
Some business owners based in states other than California may initially decide to not take the regulations put in place by CalOPPA into consideration. However, if your website or app has users in California (which is likely the case in our highly digital world) this law applies to you. Indeed, CalOPPA specifically applies to online services with users that are California residents.
What happens if my business does not comply with online privacy requirements?
Businesses would be well-advised to heed the requirements listed in CalOPPA, which is enforced by the California Attorney General as a violation of the California Unfair Competition Law (more on that here). The maximum civil penalty is $2,500 per violation. Currently, there is no private right of action within the law that would allow a user to sue a service provider for a violation of the above requirements.
For more information on CalOPPA and/or privacy concerns relating to your online business, contact the experienced Los Angeles business attorneys at Hart, Watters & Carter today.SHARE