California's Rights to Privacy and Compliance Programs

By William Vogeler, Esq. on February 24, 2017 | Last updated on March 21, 2019

California is famous for Hollywood, Disneyland, and the Online Privacy Protection Act.

What? Did you think the Golden State was all fun and games? Californians do more than go to the movies and amusement parks.

In fact, they value the right to privacy so much they enshrined it in Article I of the state constitution. Not even the U.S. Supreme Court could do better in creating a constitutional right to privacy.

"Today, California leads the nation not only as an innovation hub for information technologies, but also with the most comprehensive, stringent and up-to-date information privacy laws," according to excerpts from a privacy practice guide by attorney Lothar Determann.

Privacy Laws

For example, lawmakers have enacted legislation on spam mail, unsolicited phone and text messages, cyber-bullying, identify theft, and social media. That doesn't include the main law affecting website operators -- the Online Privacy Protection Act.

The act requires that website operators post a distinctive link to the website's privacy policy. It must detail the type of information gathered by the website and how the information may be shared with others. The website also must allow the user to review and make changes to their stored information.

In the internet age, these laws do not apply only to California residents and businesses. Companies around the country have to comply with them if their web or mobile sites are accessible to consumers in California, they have customers or employees in California or their enterprise customers have customers or employees in California.

Mitigation Programs

To mitigate risks, as reported by, companies should add California privacy law considerations to their compliance programs. They should also review their policies with a compliance checklist.

With periodic reviews, businesses lower the risk of missing new legal developments or making bad decisions that could violate privacy laws. In California, many companies are required to implement a formal program or to use special liability protections.

Regulators and law enforcement are less likely to act against companies that unintentionally violate privacy laws if they have reasonable policies. To defend against private litigation, companies can fare better if they acted diligently in protecting privacy rights.

Related Resources:

Copied to clipboard