With the January 1 deadline looming, TrustArc has launched an educational campaign to help businesses ensure compliance with California’s new online privacy tracking law – impacting any company collecting personal data about California consumers’ online activities across multiple websites or digital properties.


Earlier this year, we discussed the implications of AB 370, which is an amendment to the California Online Privacy Protection Action (CalOPPA).


The AB370 disclosure requirements are consistent with our longstanding approach of transparency and choice, and TrustArc is well-informed about what’s needed for compliance.


With the new law set to take effect in less than two months, we want to share our knowledge and expertise with businesses through this webinar. TrustArc encourages all online companies that have California customers to join us and learn what they can do right now to ensure adherence.


California has led the charge regarding online privacy, first with the active enforcement of CalOPPA as it relates to mobile app privacy and the release of the “Privacy on the Go” recommendations for the mobile ecosystem from the Office of the Attorney General (Kamala D. Harris), California Department of Justice.


The complex evolution in online privacy legislation is critically important as recent TrustArc research shows that approximately 90% of consumers are concerned about their personal data, and it directly impacts businesses.


Signed into law September 27, 2013 and going in effect January 1, 2014, AB 370 amends the California Online Privacy Protection Act (CalOPPA), covering all websites and online services, including mobile apps.


Businesses that collect personally identifiable information (PII)  about California consumers online activities across multiple websites or online services over time  – or allow another party to do so – must adhere to the law.


Specifically, AB 370 includes three new disclosure requirements to CalOPPA:

  • Third party collection or sharing disclosure – letting consumers know whether other parties collect data about their online activities through multiple websites or online services
  • DNT disclosure – explaining how businesses respond to DNT requests
  • Alternative to DNT disclosure – linking consumers to programs or protocols where consumers can exercise their preference, for example, TRUSTe’s DAA-approved Preference Manager.  The mechanism offered must describe the program and what it means when the consumer exercises their preference (e.g. opting out of having data collected for interest-based ads).


Dates to Remember:

  • CalOPPA AB 370 effective January 1, 2014
  • SB 46 Data Breach Notification effective January 1, 2014
  • SB 568 regulating the use of a minor’s data on social networks by website operators effective January 1, 2015