Many Websites Have Serious Privacy Violations

(April 22, 2014) Thousand Oaks, CA —


Due to the ever-increasing problem of identity theft, the explosive growth of internet fraud and mishandled sensitive information in recent years, federal and state laws have been enacted governing how website owners, operators, and application (app) developers must handle the personal information they access through their sites. The Federal Trade Act and the Children’s Online Privacy Act are the two key federal laws that deal with online privacy policies. However, there are other federal and state laws that also deal with consumer personal information and privacy protection that website owners and app developers must comply with.


As recently as January of this year, several states added to the privacy requirements of websites, yet numerous websites visited for this report have either no privacy policy or one that is severely outdated. According to the California Attorney General, “Owners of websites, online services or mobile applications (apps) that can be accessed or used by California residents should ensure their compliance with the new amendments to the California Online Privacy Protection Act of 2003 (CalOPPA) by the law’s January 1, 2014 effective date.” “Personal information” is defined under California Civil Code §§ 1798.29 and 1798.82. The California Attorney General’s office has recently released a report of privacy recommendations for mobile app developers. The FTC is continuing its research and attention on mobile devices and how they may be putting users’ privacy and security at risk.


From a site owner’s perspective, this can be an expensive problem. The California Attorney General maintains that each noncompliant mobile app download constitutes a single violation and that each download may trigger a civil fine of up to $2,500 per incident. It’s not a valid defense for a website owner to say ‘I didn’t know’ or ‘It’s my webmaster’s fault.’


“Many website owners hire web designers who use popular templates or software. These web designers are limited to their experience of the product and are not necessarily knowledgeable of the industry of their client, or the changes in internet laws,” says Internet Solutions Consultant Sumner Davenport. “It is becoming increasingly important for businesses to work with website and internet marketing companies that are well-informed and have expertise in their specific industry as well. For example, the legal and medical industries are governed by additional strict rules and regulations, which also carry large fines for non-compliance.”


Credit card theft is not limited to in-store transactions, as was experienced at Target last year. E-commerce sites must take extra steps to keep their customers’ personal information safe and have procedures in place to notify customers of any breach. Web sites requesting sensitive personal identifying information have been advised over the years to use Secure Sockets Layer (SSL), the industry standard for protecting private information sent over the Internet. After the announcement of the recent Heartbleed bug, if a website uses SSL, its privacy policy should have included how it handles any potential security breach.


As previously mentioned, under federal law, online businesses that collect personal identifying information from children under the age of 13 are required to have a privacy policy which must disclose what will be done with that information, whether collected intentionally or by a child’s accidental input on their site.


For those whose web site or online service is based in one state, it may still impact and collect personal information from customers who are in other states or countries. It is very possible that the regulations of the state or country of the resident who accessed the website extend to the website owner as well. At a minimum, the privacy policy of a website based in the United States should be in compliance with all US states’ regulations.


The solution is not to simply copy another site’s privacy policy. According to the Small Business Administration (SBA), “The thing about online privacy policies is that they differ from business to business and must be tailored to fit each business’ needs.” The prudent path to comply with these laws is to create and publish an easily accessible privacy policy which, to begin with, informs site users about: who you are, what precise categories of personal information are collected, for what precise purposes, whether data will be disclosed to third parties, what rights users have in terms of withdrawal of consent and/or deletion of data, and other required disclosures based on your site’s actions. Accordingly, if your business or organization collects this type of information, then it should consider undertaking proactive measures to reduce the risk and magnitude of a potential data breach.


There are a few online sites that offer templates to create an online privacy policy. Even after using one of these templates, your actual privacy policy must contain information specific to the users of your website, internet service, blog or app.  


As always, when in doubt, seek assistance from a qualified professional.


For more information:
California Attorney General, Privacy on the Go

California Civil Code §§ 1798.29 and 1798.82
FTC – Mobile Technology Issues 






Sumner M. Davenport & Associates

2219 E. Thousand Oaks Blvd. Suite 102
Thousand Oaks, CA 91362