The California privacy laws are aimed at any business worldwide that collects data from California residents. That means that no matter where your business or website is located, if the website does collect personal information from California residents, then that website must comply with the California privacy laws.
Can I Be Sued Even If My Business Is Not Located In California?
Yes. For example if you operate a small website that sells pet sweaters from your home in Florida, but you have at least one customer that resides in California, you could be sued in California for non-compliance unless you follow the California privacy law explicitly. And while in one sense, compliance is better late than never, you should get compliant with the law now, even if you have not yet had a customer from California.
If your business is located in another state and the California government or a California consumer sues you for non-compliance, you would need to respond to the lawsuit in California. Hiring an attorney and the costs of possibly traveling to California would be high. VeraSafe helps protect websites from these dangerous contingencies by creating and verifying privacy policies that meet COPPA requirements as well as CAN-SPAM, “Shine the Light” and other state and federal privacy laws and standards.
What if my website is just informational and does not sell goods/services?
Many, if not most informational or brochure websites are also subject to COPPA, as these websites frequently contain a contact form where users can submit questions along with their email address, name, etc. Given that these types of data are considered to be “personally identifying information”, this is within the scope of the California privacy laws.
This is all news to me. How can I stay informed about these obscure privacy laws that affect my business?