Not only do privacy policies create a stronger relationship between website owners and their visitors, but in most cases, they are now legally required. These informative written documents increase transparency from the site to online consumers about what the site does and doesn’t do with the visitors’ personal information.
Under CalOPPA, the collection of Personally Identifiable Information (PII) is very broadly defined to cover “personally individually identifiable information about an individual consumer” and includes a consumer’s first and last name, home or other physical address, email address, telephone number, and Social Security number. In addition, PII includes any other identifying information that permits the physical or online contacting of a specific California consumer, as well as other user-related information maintained in personally identifiable form.
CalOPPA is potentially quite disruptive in reach and is not limited to California’s borders. Even if your Web site or online service isn’t run from California, it may still impact and collect personal information from customers who are California residents. And hence, it is very likely that the regulations of the CalOPPA extend to you as well.
If your service is made for children, you must comply with the Children’s Online Privacy Protection Act (COPPA). It requires that operators of websites or online services that are either directed to children under the age of 13, or which have actual knowledge that they are collecting personal information from children under the age of 13, must give notice to parents and get their verifiable consent before collecting, using, or disclosing such personal information and must keep the information they collect from children safe and secure through an SSL certificate and periodic, PCI compliant vulnerability scanning.