Why Site Owners Must Know California Internet Regulations
Most sites on the web are at least faintly familiar with the implementation of legal regulations related to their sites. Most, however, have never heard of the California Catch-22.
Most sites tend to view complying with legal regulations as a somewhat amorphous subject. You know you are supposed to do something, but are not particularly sure why or what to do. This leads to the rather humorous situation where many sites have terms and conditions that are completely inapplicable the what they are doing and also look startlingly similar to terms and conditions found on other sites. One might even imagine a bit of cut and paste was going on, but who am I to say!
Much of the confusion is understandable. It comes from the lack of clear legal directives by the federal government. In most areas, you get vague suggestions put forth by an impotent FTC.
Interestingly, one state has taken over for the federal government California. Because the right of privacy is actually mentioned in the constitution of the state, unlike in the federal version, the state has passed numerous laws regulating how sites must handle visitors information from a privacy perspective, sales information, security efforts and so on. Frankly, it is a pretty amazing that a group of state politicians managed to pull it off. There are laws ranging from how a privacy policy must be set up to requirements that you disclose identify theft events to the media. This is why you see major companies issuing press releases about security breaches leading to identify theft.
As a site owner located outside of California, you are probably wondering why you should care about the laws of California. Well, you better be in compliance because California has a unique way of defining what sites the laws apply to. Nearly all of the relevant California legislation contains provisions defining jurisdiction by the visitor, not the site.
So, what does this mean in plain English? You must comply with the laws if you have any customers that are residents of California or from which you obtain certain types of information. If you make a sale to a California resident, you must comply. If you collect the name, email address and so on as part of creating a newsletter mailing list, you must comply!
Given the size of the California population, it is the rare site that never makes a sale or collects information from a California resident. In short, you need to comply with everything from the California Online Privacy Protect Act to the various identify theft prevention and notice regulations. Fail to do so, and it can come back to haunt you when things go wrong.
Richard A. Chapo is an internet attorney with SanDiegoBusinessLawFirm.com.