First Online Data Privacy Law Looms in California

Most companies already set for AB 68, experts say

By Jaikumar Vijayan

June 28, 2004 12:00 PM ET

Recommended

Computerworld - The nation's first privacy law that specifically targets online businesses will go into effect in California on July 1. But it's unlikely to cause many problems for companies, because most of the privacy requirements stipulated by the law are already in place at commercial Web sites.
The Online Privacy Act of 2003 (Calif. AB 68) was authored by Joseph Simitian, a member of the California State Assembly. Under the law, any online business that collects personally identifiable information from California residents is required to take steps such as posting its privacy policy and notifying consumers about what kinds of data will be gathered and how it will be used.
The law is structured so that anyone can bring an "individual course of action" against companies that fail to comply, Simitian said.
The AB 68 legislation formalizes what most online businesses have been doing for some time anyway, said Christopher Pierson, a partner at Lewis and Roca LLP, a law firm in Phoenix. Previously, consumers had to take action such as filing a complaint with the Federal Trade Commission or suing a company under unfair business practice laws to address an online privacy breach, Pierson said.
From an IT standpoint, there is little that companies have to change.
"Most companies doing business on the Web have privacy statements," said Kirk Herath, chief privacy officer at Nationwide Mutual Insurance Co. in Columbus, Ohio. "They just need to make sure that their old statements contain all of the elements of the new requirements."
Not as Threatening
The bill isn't as "threatening" as other California privacy laws, such as the SB 1386 Database Breach Notification Act and the pending SB 1279 measure that toughens the scope of SB 1386, said a user at a financial services company who requested anonymity.
Part of the reason may be that the original bill had been watered down quite a bit before being passed, he said.
According to Simitian, there was heavy industry opposition to some of the bill's initial provisions. The strongest objections were over a provision that required companies to maintain a history of their privacy policies, he said.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Privacy

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.