Of Special Interest to Our Hospitality Clients Doing Business in California: Business Must Comply with State's New Privacy Law

By Robert C. Cumbow
June 4, 2004

Expectations regarding the protection of consumer privacy on the Web continue to grow. But until recently, they were just that-consumers' expectations. In Europe, stringent privacy protection policies have long been enforced under the European Union Privacy Directive. But in the United States, except in the federally-regulated financial and health industries, there were no privacy policies that companies doing business on the Web were required to adhere to. Until now.

California has recently adopted a Web privacy law that requires companies doing business in California and operating commercial Web sites that collect personally-identifying information to adhere to a privacy policy that includes the following features:

1. Disclose to the consumer what information the company collects and retains, how it is used, and with whom it may be shared.
2. Describe the process (if any) whereby the consumer can review the retained personally-identifying information and request that it be updated or changed.
3. Describe the process by which any changes to the company's privacy policy are announced.
4. Clearly identify the current privacy policy's effective date and the effective date of any changes.

 

Of course, these requirements have long been among the recommended "best practices" for Web site operators who wish to enact and enforce a privacy policy. But, in California at least, they are no longer optional. The law, California Business and Professions Code Section 22575-22579, takes effect July 1, 2004. By that date, any business operating a Web site that collects information on California consumers--whether or not the business or its Web server is located in California--must be in compliance.

The lawyers on Graham & Dunn's Hospitality, Beverage & Franchise Team are available to advise our clients on compliance with these and other state laws that my affect their business operations, and to counsel companies on developing and enforcing appropriate Web site privacy policies. For more information on this topic, please see our article, "Best Practices for a Web Site Privacy Policy."

For further assistance, please contact the author of the above Cyber-Graham, Robert C. Cumbow (206.340.9619 or rcumbow@grahamdunn.com).

• Client Feature Stories
• Cyber-Graham® Archive

Graham & Dunn is a Seattle Washington based law firm that has proudly served the Pacific Northwest for over 100 years. Graham & Dunn attorneys bring a wealth of experience working with the legal needs of specific industries including financial services, hospitality, franchise & distribution, beverage, real estate, natural resources, manufacturing, and emerging companies and have been recognized nationwide.

BIG LAW FIRM EXPERIENCE WITHOUT THE BIG LAW FIRM EXPERIENCE ®