Within the technology industry, privacy is at the forefront of everyone’s mind, whether it concerns the privacy of our customers’ secure information or protecting the activity path that a user takes while interacting on a website.
The state of California recently made headlines when both houses of the State Legislature ruled that the state now requires new online disclosures [1]. At first glance, that statement seems harmless, but upon further review, what the state now requires is sparking a fire amongst web operators.
Effective January 1, 2014, California will require all websites to disclose how they “respond to Web browser ‘do not track’ signals that provide consumers the ability to exercise their own choice regarding collecting personally identifiable information (PII) about that same individual consumer’s online activities”, if such information is in fact collected.
*Note – this information includes: (1) first and last name; (2) home or other physical address, including street name and name of city or town; (3) e-mail address; (4) telephone number; (5) social security number; (6) any other identifier that permits the physical or online contacting of a specific individual.
The requirements amend the California Online Privacy Protection Act [2] and apply to all commercial website operators, including apps, as well as any online service that collects personally identifiable information (PII) about consumers residing in California.
This brings up an interesting point: according to the ruling, if you do not comply, California will state publicly that you do not honor their requests. If you do in fact comply, however, you have to provide details about what you do when a “do not track” signal is received from the consumer’s web browser or any other technology that allows consumers to choose what PII is collected. The idea of shaming operators into adopting “do not track” mechanisms is a bit much, seeing that federal regulators have yet to impose a national standard for such circumstances.
The major issue is that this may require more specific disclosures of what behavior information a website owner collects – more than just generic activity. In the bigger picture, organizations that collect PII, whether or not they are based in California, must assess their current website privacy policies to ensure they are compliant with California’s new laws. Because the law does not set any “Do Not Track” standards or best practices, it leaves the consumer privacy stance open for debate.
With California taking the lead on updating its website visitor protocol, it’s safe to say that many states will soon follow in its footsteps. With 447 of the companies on the Forbes 500 (US-based) list not based in California, this could mean a dramatic change to the way the rest of the country runs its online operations. While the State won’t start “monitoring” its requirements until January, its pre-emptive strike sure gives all other business and website owners more than enough time to start planning for the things they might come across.
Court cases, legal fees, and punishments for non-compliers are all things that may be breaking headlines early next year. Who’s to say that being marked as “non-compliers” will hurt businesses? Will this result in other California-based organizations taking their business elsewhere for those who do not comply with the regulations to save themselves from further punishment or investigation down the road? It may be too soon to tell.
In comparison, I do think California is on the right track – website owners in the European Union already require all tracking of visitors. Once visitors opt out of the agreement itself, the companies/websites can no longer track them. If they fail to comply with these rules and regulations, they are hit with hefty fines and punishments that can be detrimental to their business. So in turn, they’ve found it easier just to comply – I feel that the remainder of the United States will have a similar “suck it up” attitude once they realize the damages are not worth their time, effort, or money.
About the Author
Courtney Brady is the Director of Marketing at Distil Networks. She comes to Distil Networks from a variety of start-up companies, rooted in SaaS and DaaS solutions. Formerly the global communications manager at multiple companies, Courtney is responsible for developing the company’s marketing strategy and branding campaign.