- If a company uses an icon as a hyperlink, it must be included on the homepage or first significant page of the website, must include the word "privacy," and must also use a color that contrasts with the background color of the page.
- If a company uses a text link, it must either include the word "privacy;" be written in capital letters equal to or greater in size than the surrounding text; or be "written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language."
- The categories of personal information that will be collected through the site or service--personal information includes first and last name, street address, email address, telephone number, social security number, any other identifier by which a person can be contacted physically or online, and any other information that is collected from the user and maintained in an identifiable form
- The categories of third parties with whom this personal information may be shared
- A description of the process by which consumers can review or request changes to the personal information, if any such process exists
- The effective date of the policy
While the new law is a California statute, it may affect any website that can be viewed by California consumers, which is, effectively, every company with a commercial website or online service. Companies that already have privacy policies posted on their websites may need to evaluate whether these policies are sufficiently accessible and contain the required information.