Joanne Furtsch, Director of Product Policy
- How they will respond to a Web browser signal such as Do Not Track (DNT) or other mechanism that provides consumers with the ability to exercise choice, or
- Whether third parties collect data through the website or online service.
AB 370 applies to companies that collect personally identifiable information (PII) about individual California consumers’ online activity over time and across third party websites or online services, or allow other parties to do this.
The bill is currently awaiting the governor’s signature. If the governor does not veto it by October 13, 2013, AB 370 will become law on January 1, 2014. TRUSTe will update its program requirements later this year to reflect the requirements of the updated law.
Companies need to ensure that the disclosure made around how they will respond to a DNT or other preference signal is accurate. Companies will also need to understand their practices from a couple of different angles:
When assessing your company’s obligations under AB 370, keep in mind that under CalOPPA, personally identifiable information is a defined term that includes identifiers that permit the physical or online contact of an individual.
In addition, remember that the California AG’s office has previously stated that CalOPPA, and thus the new AB 370, applies to mobile applications as well as traditional web sites.
In the coming months TRUSTe will notify clients of the updates to its certification program requirements, and work together with our clients to help them comply.
If you need help preparing to comply, a TRUSTe website scan can help identify the third parties collecting data through your website. Contact your Account Executive to learn more how TRUSTe can help.