Image of interconnected web of people

Website Accessibility for Privacy Policies – California Consumer Privacy Act Regulations

California Privacy Law , , ,

Image Credit: Gordon Johnson from Pixabay

On October 10, the California Attorney General released proposed guidelines to implement the California Consumer Protection Act (CCPA), which goes into effect in January 2020. One of the provisions that surprised many was a new requirement that privacy notices given to consumers “[b]e accessible to consumers with disabilities” and “[a]t a minimum, provide information on how a consumer with a disability may access the notice in an alternative format.” [Note: the AG’s regulations are not final, and interested parties may submit comments about them before December 6, 2019 at a series of public hearings, by mail, or by email.]

The requirement to provide the privacy notice in a format that is accessible to people with disabilities is consistent with recent trends towards website compliance with the Americans with Disabilities Act (ADA). Whether out of a desire to advance equity or to comply with the spirit or letter of accessibility laws, we see more businesses and website operators making earnest attempts to make their websites accessible to the broadest audience possible.

Unfortunately, the AG did not provide very much guidance on how businesses could make their privacy notice or websites more accessible. Luckily, several organizations doing work in this area, including the W3 Web Accessibility InitiativeStanford Online Accessibility Program and Berkeley WebAccess, have put resources online for designers, developers and content creators.

While not exhaustive, the following is a list of fairly straightforward best practices distilled from other lists that businesses and website operators can implement to make their websites accessible to people with disabilities:

1.     Use headings correctly to organize the structure of your content

2.     Pay attention to color contrast

3.     Images should include alternate text in the markup/code; complex images should have more extensive descriptions near the image

4.     Provide transcripts for podcasts

5.     Websites with videos should provide visual access to the audio information through in-sync captioning

6.     Sites should consider using skiplinks

Millions of internet users have special needs, disabilities and impairments that make certain websites difficult or impossible to access and use. By designing your website with these challenges in mind, you can ensure that it is welcoming to as many users as possible.

Image of gears directing arrows to shield.

California Consumer Privacy Act vs GDPR – How to Maximize Your Privacy Compliance Program

California Privacy Law, GDPR, Privacy Law , , , , ,

California’s recent passage of the Consumer Privacy Act of 2018 now places the world’s fifth-largest economy under European style data protection rules. Given the new law, US businesses that were previously hesitant to implement GDPR are now reconsidering their position.

Luckily, the GDPR and the California Consumer Privacy Act (CCPA or CaCPA) share some similarities. Both provide for consumer-facing privacy notices, data access rights, and data portability. As businesses automate their GDPR compliance processes, they should also leverage those same processes under the CaCPA to save significant time and expense.

Below, we have listed five common operational steps that all businesses should take in their GDPR and CaCPA privacy compliance programs:
Continue Reading California Consumer Privacy Act vs GDPR – How to Maximize Your Privacy Compliance Program

California Privacy Update: SB-1121 and the Consumer Privacy Act

California Privacy Law, Privacy Law ,

As Californians gear up to vote in this week’s primary elections, the state’s businesses and voters should be aware of two separate privacy law developments: SB-1121 and the Consumer Privacy Act.

SB-1121 and Increased Liability for Data Breaches

On May 30, 2018, the California Senate recently voted to send SB-1121 to the state Assembly. The proposed amendment to the state’s current data breach laws (codified at Sections 1798.80-1798.84 of the Civil Code) would increase corporate liability for data breaches. The key provisions are as follows:

  • California “consumers,” not just “customers,” will be able to sue businesses under California’s data-breach protection laws. Under the existing rules, a California resident can only sue a business for a data breach if it provided information to the business for the purpose of buying products or services. This amendment would cover all businesses that maintain the personal data of California residents, regardless of the relationship between the business and the resident. The expansion of liability to consumers is in part responsive to the Equifax hack. In that situation, the credit agency reported that the records for about 148 million Americans were compromised, but very few of those people would be considered “customers” of Equifax.
  • California residents will be able to sue for a minimum of $200 in penalties per violation, without proof of consumer injury. This poses the risk of large-scale consumer class actions, for even minor data breaches, even where no one was harmed by the breach.
  • SB-1121 sets a 4-year statute of limitations “from the time the person discovered, or, through the exercise of reasonable diligence, should have discovered” a data privacy violation.Continue Reading California Privacy Update: SB-1121 and the Consumer Privacy Act