CalOPPA compliance made easy

If you own a website or are planning to launch one, it’s important to understand and respect the California Online Privacy Protection Act (CalOPPA). 

What is the difference between CCPA and CalOPPA?

The main difference between CCPA (and its amendment CPRA) and CalOPPA is the scope of the laws and the types of data they regulate.

The CCPA, which has been amended by the CPRA, is a comprehensive privacy law that regulates the collection, use, and sharing of personal information of California residents by businesses. This law gives consumers the right to know what personal information businesses collect about them, the right to request deletion of that information, and the right to opt out of the sale of their personal information. 👀 See how to comply with the CPRA here.

CalOPPA, on the other hand, requires that any business that operates a commercial website or online service that collects personal information from California residents must post a privacy policy on their website. Learn more about CalOPPA below!👇

What is CalOPPA?

CalOPPA stands for the California Online Privacy Protection Act. It is a law that was enacted in 2003 to protect the online privacy of California residents who use websites or online services. 

CalOPPA is designed to help protect the personal information of California residents and ensure that they are informed about how their information is being used by websites and online services. Failure to comply with CalOPPA can result in significant fines and legal action by the California Attorney General’s office.

The law requires that if you collect personal information from California residents, you must post a privacy policy on your website. The law also requires that the privacy policy be easily accessible to website visitors.

💡 What is personal information under the California Online Privacy Protection Act?

Personal information can include anything that can be used to identify an individual, such as:

  • a name;
  • address;
  • email address;
  • phone number;
  • date of birth;
  • social security number; or 
  • any other information that can be used to identify a person. 

This means that if your website collects any personal information from California residents, such as through a contact form or newsletter subscription, you are required to comply with CalOPPA.

In addition, personal information can include information that is linked or associated with an individual, such as their browsing history, purchase history, or location data. It’s important to note that even if a piece of information on its own may not be able to identify an individual, it can still be considered personal information if it is linked to other information that can identify a person. 

If you collect personal information from California residents, you are required to comply with CalOPPA and post a privacy policy that outlines how that information is being collected, used, and shared.

CalOPPA Privacy Policy

One of the key requirements of CalOPPA is that you must post a privacy policy on your website that outlines:

  • the types of personal information you collect;
  • how you use it; and 
  • with whom you share it. 

This policy must be easily accessible to your website visitors, such as through a link in your website’s footer.

“Do Not Track” requests

Your privacy policy must also disclose whether you honor Do Not Track requests from website visitors. 

“Do Not Track” is a browser setting that allows users to opt out of being tracked by websites. If you do not honor “Do Not Track” requests, you must disclose this in your privacy policy.

🚀 Solution: Our standard way of handling this is to include a sentence like “we do not honor Do Not Track requests” at the appropriate section of our privacy policies. You can read more about the features and benefits of our compliance solutions here.

“Do Not Sell My Personal Information”

Another important aspect of CalOPPA is that you must provide a way for website visitors to opt out of the sale of their personal information.

This means that if you sell any personal information to third parties, you must provide a way for website visitors to opt out of this practice. This can be done through a “Do Not Sell My Personal Information” link on your website.

🚀 Solution: With our Privacy Controls and Cookie Solution, you can display a “Do Not Sell My Personal Information” notice and easily manage opt-outs. 

Non-compliance with the California Online Privacy Protection Act

Failure to comply with CalOPPA can result in fines and legal action. The California Attorney General’s office can enforce CalOPPA and seek penalties of up to $2,500 per violation.

This means that if you have not posted a privacy policy on your website or are not honoring “Do Not Track” requests, you could be subject to significant fines.

California Online Privacy Protection Act: how to comply

🚀 Let’s recap:

If your website collects any personal information from California residents, it’s important to respect and comply with CalOPPA. This means:

  1. posting a privacy policy with the right disclosures on your website; and
  2. honoring “Do Not Track” requests.

Respecting the privacy of your website visitors is simply good business practice. People are becoming more concerned about their online privacy, and if they feel that their personal information is not being protected, they may choose not to use your website or do business with your company.
