Protecting Your Online Business from CalOPPA Privacy Complaints
The California Online Privacy Protection Act (CalOPPA) is currently the primary consumer data privacy law in the United States. It applies to all owners and operators of commercial websites that collect personally identifiable information from users and customers who are located in the state of California.
In this article, we'll take a look at what CalOPPA is and go over its requirements. We'll also discuss the CalOPPA Complaint Form, how your customers can file a complaint against your business, and on what grounds.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
What is CalOPPA and What Does It Require?
Personally identifiable information can include any sort of information which can be used on its own or in combination with other information to identify an individual. This may include a customer's name, email address, street address, phone number, social security number, date of birth, marital status, etc....
Since most web businesses collect personally identifiable information from the residents of California, they are required to be in compliance with CalOPPA even if the business isn't based in California.
Allowing Customer Inquiries
An important requirement of CalOPPA is that you must provide a way for your site's visitors and customers to contact you, and let them know how they can do so.
It's recommended that you post a title and address (email or physical address) of a company official (such as the customer service department) who will respond to customer inquiries. Some websites even offer a telephone number or link to their customer service form to give their customers an additional channel to contact them through.
Request to Receive, Transfer, or Delete Data
Microsoft's Privacy Statement lets users know a few different ways that they can access their personal information and make settings adjustments to it. It also includes information for how to contact Microsoft if it's necessary:
Forever 21 states that customers can access, correct, update, or delete personally identifiable information, or deactivate their account by emailing the company's customer support department. An email address that customers can use to contact customer support directly is provided:
This is a great tactic in the case that the customer's information is not accessible through a login account or separate web page. Always make sure to at least provide some sort of contact information to allow customers to request to review, receive, transfer, modify or delete it and Microsoft and Forever 21 did above.
Forever 21 has a separate section for California-specific rights that allows California residents to request personal information by contacting the company using one of three methods. The available methods include sending a letter to the given address, sending an email to their customer service department, or filling out a customer service form.
What is the CalOPPA Complaint Form?
In 2016, the Office of the Attorney General of the State of California published a CalOPPA Complaint Form on its official website which the residents of California state could use to file reports of CalOPPA violations online.
The purpose of this complaint form is to enable the Office of the Attorney General to collect information about businesses in violation of CalOPPA and decide whether it needs to take action against the reported business.
The CalOPPA Complaint Form was designed to make it easier for the residents of California state to report alleged violations of CalOPPA. The potential violations against a business can be divided into five categories:
The CalOPPA Complaint Form allows an individual filing to select any number of boxes when filing their report. It also provides space on the form to specify additional information.
In order to mitigate the risk of filing complaints against your business you can make sure that:
To give you an example of how a complaint process can materialize, let's look at a 2017 case with Uber. In that case, the Federal Trade Commission (FTC) announced through a press release on its website that Uber settled allegations made by the FTC that the company made deceptive privacy and data security claims. According to the press release, Uber failed to monitor access to and provide reasonable security for their customers' data.