BILL NUMBER: AB 242	INTRODUCED
	BILL TEXT


INTRODUCED BY   Assembly Member Chau

                        FEBRUARY 6, 2013

   An act to amend Section 22575 of the Business and Professions
Code, relating to privacy.


	LEGISLATIVE COUNSEL'S DIGEST


   AB 242, as introduced, Chau. Privacy: Internet.
   Existing law requires an operator of a commercial Web site or
online service that collects personally identifiable information
through the Internet, about individual consumers residing in
California who use or visit its commercial Web site or online
service, to make its privacy policy available to consumers, as
specified.
   This bill would require the privacy policy to be no more than 100
words, be written in clear and concise language, be written at no
greater than an 8th grade reading level, and to include a statement
indicating whether the personally identifiable information may be
sold or shared with others, and if so, how and with whom the
information may be shared.
   Vote: majority. Appropriation: no. Fiscal committee: no.
State-mandated local program: no.


THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

  SECTION 1.  Section 22575 of the Business and Professions Code is
amended to read:
   22575.  (a) An operator of a commercial Web site or online service
that collects personally identifiable information through the
Internet about individual consumers residing in California who use or
visit its commercial Web site or online service shall conspicuously
post its privacy policy on its Web site, or in the case of an
operator of an online service, make that policy available in
accordance with paragraph (5) of subdivision (b) of Section 22577. An
operator shall be in violation of this subdivision only if the
operator fails to post its policy within 30 days after being notified
of noncompliance.
   (b) The privacy policy required by subdivision (a) shall do all of
the following:
   (1) Identify the categories of personally identifiable information
that the operator collects through the Web site or online service
about individual consumers who use or visit its commercial Web site
or online service and the categories of third-party persons or
entities with whom the operator may share that personally
identifiable information.
   (2) If the operator maintains a process for an individual consumer
who uses or visits its commercial Web site or online service to
review and request changes to any of his or her personally
identifiable information that is collected through the Web site or
online service, provide a description of that process.
   (3) Describe the process by which the operator notifies consumers
who use or visit its commercial Web site or online service of
material changes to the operator's privacy policy for that Web site
or online service.
   (4) Identify its effective date.
   (c) The privacy policy required by this section shall be no more
than 100 words and shall be written in clear and concise language at
no greater than an eighth grade reading level. The privacy policy
shall include a statement indicating whether the personally
identifiable information may be sold or shared with others, and if
so, how and with whom the information may be shared.