In recent years, companies have been doing business on the Internet in one form or another and have been increasingly providing their customers and potential customers methods that were exclusive to snail mail and fax and at the same time having to wade through the numerous privacy laws affecting clients' businesses.
In a statement to Congress in May 2000 from a former commissioner of the Federal Trade Commission
he seemed to indicate that businesses would be required to treat information collected online in the same manner as information collected offline (which is much less regulated). Although the online/offline conformity has not come to fruition, it
proved a wake-up call for many businesses and a warning of things to come.
In the summer of 2002, many credit professionals scrambled to answer questions about a relatively unpublicized law called the Financial Modernization Act, or
Gramm-Leach-Bliley Act, that made distribution and compliance with privacy policies a requirement if certain types of "nonpublic personal information" was collected from customers, whether online or offline. After much fanfare and a scramble on the part of a certain professional credit organization to promote GLB seminars both on and off line it was
investigated and reported by this publication that GLB did not apply to the majority of credit managers in manufacturing and distribution. By 2003, thirty-six states had their own anti-spam laws, the toughest and most controversial of which was passed by California.
When Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act of 2003)
it pre-empted almost all of those state laws, including California.
After reviewing and explaining all of the foregoing laws about the privacy laws affecting business operations on the Internet -- as well as a few of the lesser known, industry specific laws – credit professionals could finally feel comfortable that they had an informed management that could comply with applicable privacy-related laws. However, California
then passed another law on July 1, 2004 that came into existence with relatively little fanfare, sending
many credit professionals back to their attorneys to draft forms and restructure their advice to comply with that law.
The relatively new California law may affect companies that operate commercial Web sites or online services that collect personally identifiable information from consumers. The California Online Privacy Protection Act
OPPA is a response to a perceived federal inaction in protecting the privacy of Internet users. It protects the privacy interests of California residents by informing them of whether the personal information obtained from them through the Internet may be disclosed or sold to another party. Further, lawmakers hope OPPA will increase consumer confidence in e-commerce and the legitimacy of those firms with whom they do business on the Internet.
Until now, posting online privacy policies was largely governed by the applicable industry standard. As demonstrated by its anti-spam laws and its law governing the use of information from in-vehicle data collection devices, California is on the cutting edge of protecting its residents' rights by becoming the first state to pass an online privacy protection law. Laws similar to OPPA are pending in
OPPA affects any operator of a commercial Web site or online service that collects personally identifiable information through the Internet from California residents. OPPA focuses on protecting the privacy of California residents regardless of where the operator is geographically located. Operators located outside California -- but whose sites are visited by Californians -- are susceptible to liability because of the borderless nature of the Internet. Consequently, OPPA reaches across state lines and affects almost all companies doing business in the United States that conduct business online and collect personally identifiable information from consumers.
Although OPPA only applies to commercial Web sites and online service operators that collect personally identifiable information from consumers. Commercial firms need to be reminded that asking for personal information from guarantors of corporate debt or when dealing with partnerships or proprietorships via the Internet, they are automatically liable under
OPPA. Personally identifiable information is information collected online from an individual that identifies that individual in some way. OPPA lists the following examples of personally identifiable information:
* A first and last name;
* A home or other physical address, including street name and name of a city or town;
* An e-mail address;
* A telephone number;
* A social security number; or
* Any other identifier that permits the physical or online contacting of a specific individual.
Also included in that category is any other information concerning a consumer that is maintained in a personally identifiable form in conjunction with one of the previously listed identifiers.
The only businesses that OPPA explicitly does not affect are Internet service providers and similar entities that transmit or store personally identifiable information at the request of a third-party operator.
* The site displays any other functional hyperlink so that a reasonable person would notice it.
A business/ operator that fails to comply with OPPA risks being subject to civil suit for unfair business practices. The standard for liability is that acts were taken knowingly and willfully, or negligently and materially. There are two ways a business/operator may violate
The California Online Privacy Protection Act went into effect July 1, 2004. If your company operates a Web site or online service that collects personally identifiable information from California residents, this may be an excellent opportunity to review applicable information collection practices under the parameters of
I wish you well.
The information provided above is for
educational purposes only and not provided as legal advice. Legal advice
should be obtained from a licensed attorney in good standing with the Bar
Association and preferably Board Certified in either Creditor Rights or