InfoBytes Blog
California Enacts First Online Tracking Bill, Expands Breach Notice Requirements
On September 27, California became the first state to enact online tracking legislation, which requires website operators to disclose how they respond to “do not track” signals or other mechanisms that provide consumers a choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across different sites or online services. The bill requires operators to disclose whether other parties have access to a consumer’s personally identifiable information when a consumer uses the operator’s site or service. The state also enacted SB 46, which expands the state’s data breach notice law (i) to apply to certain personal information that would permit access to an online account—user name or email address, in combination with a password or security question and answer, and (ii) to require that in such cases, security breach notification be made by sending notice using a method other than email. Both bills take effect on January 1, 2014.