California has again broken new ground in privacy regulation with AB 370, signed by the Governor on Friday. The law requires website operators to disclose how they respond to “do not track” requests, and also requires disclosure of how others may collect information on individuals on the operator’s website. These disclosure requirements have big teeth, because misleading disclosures may lead to “deceptive trade practices” actions by California authorities or the Federal Trade Commission. Many organizations therefore need to decide quickly, if they haven’t done so already, whether to change tracking practices and/or the availability of PI for third-party collection, or to disclose such tracking and/or permissions for such collection.