If you use or develop online software or smartphone “apps” then you need to know about CalOPPA.  No, that’s not some form of steam-driven musical device from an old-time carousel. It’s the California Online Privacy Protection Act, and it has very real consequences for any company that does business online. This month, the State of California sued Delta Airlines for failure to comply with CalOPPA, and the suit seeks $2.500 for EACH TIME the Fly Delta mobile app was downloaded!

To comply with CalOPPA, you need to figure out if your online system or app collects any personally identifiable information (“PII”) such as a name, email address, physical address, telephone number, IP address, current location, or sensitive information such as a social security number.  Next, you have to know the target age range for your web page or app. If it’s under 13, you need to talk to an attorney ASAP. There are special rules that apply.

Next you need a list of every party that will have access to the PII that you collect.  You then need to specify how the user can control that PII.  Can they view what you’ve collected, edit it, and delete it from your database? You then need a written policy that you will display to anyone from whom you collect PII that explains what you collect, how you intend to use it, with whom you may share it, and what the user can do to view, change or delete his own PII in your systems. You may want to review the sample policies available from the Center for Democracy and Technology, which has a very complete template, and then have your attorney review your policy after you’re done drafting it.  Finally, you may wish to get certified by a third party like TrustE so that you tell your users that you’re trustworthy with their PII.

Compliance with privacy regulations also varies in other countries, but these basic steps are the minimum necessary for any developer. If you need a hand, the attorneys at Lipton, Weinberger & Husick can help to draft these kinds of policies, and others. Give them a call.

–Lawrence A. Husick, Esq.