Under CalOPPA, websites and businesses could face severe penalties for non-compliance. In this guide, we explain how to comply with CalOPPA and help you answer the following:
- What is non-compliance under CalOPPA?
- Who enforces the requirements of CalOPPA?
- What are the CalOPPA penalties for non-compliance?
- How Termageddon can help you avoid CalOPPA penalties for non-compliance.
What is non-compliance under CalOPPA?
- Knowingly and willfully
- Negligently and materially
To avoid being non-compliant, a business should take steps to follow the requirements of CalOPPA. To be compliant, a website operator should:
- Complete incomplete or missing sections
The lack of transparency about data collection and sharing leaves consumers without the ability to understand the use of their personal data by online services. To improve privacy protections for consumers, California passed CalOPPA to set a standard for all online services.
Who enforces the requirements of CalOPPA?
California state government enforcement of CalOPPA
In 2012, the California Attorney General created the Privacy Enforcement and Protection Unit in the state’s Department of Justice. The Privacy Unit focuses on prosecuting violations of state and federal privacy laws that regulate private or sensitive information. In addition, the Privacy Unit has a mission to:
- Enforce privacy practices in California
- Regulate the collection, retention, disclosure, and destruction of PII
- Hold accountable organizations that misuse technology
- Educate consumers about privacy matters.
Federal Trade Commission enforcement of CalOPPA
- Conduct an administrative trial
- Demand civil litigation
- Seek penalties in federal court
- Require a business to submit a written report under oath
- Seek compensation for those harmed by the deceptive practice
The FTC usually settles enforcement actions through consent decrees and accompanying consent orders. In a consent decree, the respondent does not admit fault but promises to change its practices to avoid further litigation. A consent decree may include ongoing oversight that requires the business to report its practices to the FTC for several years.
What are the CalOPPA penalties for non-compliance?
What are the civil penalties under CalOPPA?
Website operators that are not in compliance with CalOPPA could face a charge of unfair competition. Non-compliance with CalOPPA is enforced through California’s Unfair Competition Law (UCL), under which a lawsuit can be brought against the operator.
Under the UCL, a website operator would face penalties under section 17206 of the California Business and Professions Code. The California Attorney General, any district attorney, or any county counsel can bring a civil action against the website operator.
If a court finds that the website operator engaged in unfair competition, the court will impose a civil penalty of up to $2,500 for each violation. To assess the amount of the civil penalty, the court will consider any relevant circumstances that the parties present in the case, which include:
- The nature and seriousness of the misconduct.
- The number of violations.
- The persistence of the misconduct.
- The length of time over which the misconduct occurred.
- The willfulness of the defendant’s misconduct.
- The defendant’s assets, liabilities, and net worth.
A significant consequence of non-compliance is that every violation receives a fine. Because the penalty applies to each violation, there is a multiplier effect that could add up to a large amount of money. This means that every visit to a website or each download while failing to comply can be a violation.
Does CalOPPA allow a private action?
Under California’s UCL, a consumer or a business may file a private action for violations of CalOPPA. Lawsuits can be initiated by either consumers or businesses that suffer damages from a competitor’s unfair actions. The UCL provides that a lawsuit may be brought “by a person who has suffered injury in fact and has lost money or property as a result of the unfair competition.”
How Termageddon can help you avoid CalOPPA penalties for non-compliance.
- Do you conduct business in California?
- Do you collect the PII of California residents?