July 1st ...the new California Privacy Policy Act goes into effect

Beginning on July 1st all website and online services that collect personal information from California residents must have a conspicuous privacy policy.

While I am not a fan of state Internet regulations (since they make it almost impossible to comply on a nationwide basis), it's time someone required sites to have a privacy policy.

If a site fails to have one, they have thirty days form receiving a formal notice from the state to add one before they face prosecution. Seems pretty fair to me.

Without a special law requiring sites to have a privacy policy, in the United states only certain kinds of sites had to have one. I call these the kids, Cash and Kidney sites. (children's, financial and medical privacy-related laws usually require a privacy policy and full disclosure of your site's privacy practices.)

In 1998 or so IBM and Microsoft each made an announcement that they would no longer buy ad space on sites without privacy policies. And most sites have one now, in one form or another.

It's ironic though that until this recent state law, most websites were less likely to run into legal liability for their privacy practices if they refused to post a policy. The Federal Trade Act under which the FTC functions, treats a privacy policy as a promise or representation and any breach as consumer fraud. So if you don't have a policy (assuming it was not a regulated industry as mentioned above, and California laws didn't apply) you were better protected legally. Now you have to get it right. Say it clearly and accurately and make sure that you follow-through on what you say.

I think it's time for a Federal mandated privacy policy law. It's a matter of respect.

Parry