Attorney General Kamala D. Harris Issues Guide on Privacy Policies and Do Not Track Disclosures
“California has proven that robust and balanced privacy protections are consistent with a thriving innovation economy,” Attorney General Harris said. “This guide is a tool for businesses to create clear and transparent privacy policies that reflect the state’s privacy laws and allow consumers to make informed decisions.”
In 2012, Attorney General Harris created the Privacy Enforcement and Protection Unit to enforce federal and state privacy laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. The unit also works to educate consumers and recommend best practices to businesses on privacy-related issues.
The guide is available here: http://bit.ly/RUh7Do
Key recommendations from the guide include:
- Prominently label the section of your policy regarding online tracking, for example: “California Do Not Track Disclosures.”
- Explain your uses of personally identifiable information beyond what is necessary for fulfilling a customer transaction or for the basic functionality of the website or app.
- Describe what personally identifiable information you collect from users, how you use it and how long you retain it.
- Describe the choices a consumer has regarding the collection, use and sharing of his or her personal information.
- Use plain, straightforward language that avoids legal jargon and use a format that makes the policy readable, such as a layered format. Use graphics or icons instead of text.
“HP commends the work of California in establishing expectations-based guidance for privacy as it strikes the right balance between innovation and the protection of legitimate consumer rights,” said Scott Taylor, Vice President and Chief Privacy Officer, Hewlett-Packard.
"I applaud the California Attorney General's publication of best practices for communicating with citizens about privacy. Their common-sense recommendations are clear, readable, useful, and mercifully short. Companies will understand how to comply with the letter and spirit of California transparency laws. In particular, I am delighted to see a light-touch legislative approach for transparency around Do Not Track," said Aleecia McDonald, Director of Privacy, Center for Internet and Society, Stanford Law School.
Attorney General Harris has been a staunch advocate for policies that both protect consumers’ personal information online and foster the continued growth of California’s robust technology economy.
Most recently, Attorney General Harris issued recommendations to California businesses to help protect against and respond to the increasing threat of malware, data breaches and other cyber risks. The guide, Cybersecurity in the Golden State, provides recommendations focused on small to mid-sized businesses, which are particularly vulnerable to cybercrime and often lack the resources to hire cybersecurity personnel. In 2012, 50% of all cyber attacks were aimed at businesses with fewer than 2,500 employees and 31% were aimed at those with fewer than 250 employees. (http://bit.ly/1p9DGiA)
In 2013, Attorney General Harris issued a guide, Privacy on the Go: Recommendations for the Mobile Ecosystem, which provided app developers with recommendations to develop strong privacy practices, translate those practices into mobile-friendly policies, and coordinate with industry actors to promote transparency. (http://bit.ly/1lZIZAC)
In February 2012, Attorney General Harris reached an agreement among the seven leading mobile and social app platforms - Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft and Research In Motion (now BlackBerry) - which required that mobile apps provide privacy policies that users could find in a consistent location in the platform store and review before downloading an app. (http://bit.ly/1nkfUiF)