The California Attorney General, Kamala D. Harris, has issued a long-awaited guide on how companies can comply with the California Online Privacy Protection Act (CalOPPA). CalOPPA applies to all companies which collect personally identifiable information from California residents online, regardless of whether that information is collected via a commercial website or a mobile application. This far-reaching statute requires virtually every company with an online presence in California, including drug and device companies, to have a company-drafted privacy policy that conforms with its guidelines.

The Attorney General’s guide, entitled “Making Your Privacy Practices Public,” can be found here. It provides specific recommendations on how businesses are to comply with CalOPPA’s requirements to disclose and comply with a company-drafted privacy policy. CalOPPA was recently amended to include information on how the website operator responds to Do Not Track signals or similar mechanisms. The law also requires company privacy policies to state whether third parties can collect personally identifiable information about the site’s users.