• RSS feed
  • LinkedIn
Call: 310-826-5202
Publications and News at HWC


Online Privacy Policy Considerations for Los Angeles Businesses

CalOPPA is a state law that governs what online service operators must do if they collect personally identifiable information (PII) about users. The Online Privacy Protection Act (OPPA) pertains to Los Angeles businesses that engage in business on the web (apps, retailers…).

What is personally identifiable information (PII)?

In this context, PII is “information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” As an experienced Los Angeles business lawyer will tell you, this broad definition includes almost any type of information, depending on how it is used. Additionally, PII does not have to identify a person by name. If enough information is collected under a pseudonym, then persons may be considered “identified” for purposes of the law.

This is a California law and my business is not based in California. Why should I care?

Some business owners based in states other than California may initially decide to not take the regulations put in place by CalOPPA into consideration. However, if your website or app has users in California (which is likely the case in our highly digital world) this law applies to you. Indeed, CalOPPA specifically applies to online services with users that are California residents.1437075644_Online_WWW_Website_Arrow

My Los Angeles business already has an online privacy policy, isn’t that enough?

An updated privacy policy is a must for Los Angeles businesses with an online presence. It is important to ensure your policy is up-to-date, as CalOPPA and related laws are updated often and your current privacy policy may not have all the information required by law. Lack of compliance could not land you in legal hot water. Discuss your business’s privacy agreement with an experienced business attorney.

What happens if my business does not comply with online privacy requirements?

Businesses would be well-advised to heed the requirements listed in CalOPPA, which is enforced by the California Attorney General as a violation of the California Unfair Competition Law (more on that here).  The maximum civil penalty is $2,500 per violation. Currently, there is no private right of action within the law that would allow a user to sue a service provider for a violation of the above requirements.

For more information on CalOPPA and/or privacy concerns relating to your online business, contact the experienced Los Angeles business attorneys at Hart, Watters & Carter today.