THE SENATE

S.B. NO.

729

TWENTY-SEVENTH LEGISLATURE, 2013

 

STATE OF HAWAII

 

 

 

 

 

 

A BILL FOR AN ACT

 

 

relating to the internet privacy.

 

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

 


SECTION 1. Chapter 481B, Hawaii Revised Statutes, is amended by adding a new part to be appropriately designated and to read as follows:

"Part . INTERNET PRIVACY REQUIREMENTS

481B-A Definitions. For the purposes of this part, the following definitions shall apply:

"Conspicuously post" means to post a privacy policy using any of the following methods:

(1) A webpage upon which the actual privacy policy is posted if the webpage is the homepage or first significant page after entering the website;

(2) An icon that hyperlinks to a webpage on which the actual privacy policy is posted, if the icon is located on the homepage or the first significant page after entering the website and if the icon contains the word "privacy". The icon shall also use a color that contrasts with the background color of the webpage or is otherwise distinguishable;

(3) A text link that hyperlinks to a webpage on which the actual privacy policy is posted, if the text link is located on the homepage or first significant page after entering the website and if the text link does one of the following:

(A) Includes the word "privacy";

(B) Is written in capital letters equal to or greater in size than the surrounding text; and

(C) Is written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language; or

(4) Any other functional hyperlink that is so displayed that a reasonable person would notice it.

"Consumer" means any individual who seeks or acquires, by purchase or lease, any goods, services, money, or credit for personal, family, or household purposes.

"Operator" means any person or entity that owns a website located on the Internet or an online service that collects and maintains personally identifiable information from a consumer residing in the State who uses or visits the website or online service if the website or online service is operated for commercial purposes. The term "operator" shall not include any third party that operates, hosts, or manages, but does not own, a website or online service on the owner's behalf or by processing information on behalf of the owner.

"Personally identifiable information" means individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form, including any of the following:

(1) A first and last name;

(2) A home or other physical address, including street name and name of a city or town;

(3) An e-mail address;

(4) A telephone number;

(5) A social security number;

(6) Any other identifier that permits the physical or online contacting of a specific individual; or

(7) Information concerning a user that the website or online service collects online from the user and maintains in personally identifiable form in combination with an identifier described in this part.

481B-B Internet privacy. (a) An operator of a commercial website or online service that collects personally identifiable information through the Internet about individual consumers residing in the State who use or visit its commercial website or online service shall conspicuously post its privacy policy on its website or, in the case of an operator of an online service, make that privacy policy available in accordance with any other reasonably accessible means of making the privacy policy available for consumers of the online service.

(b) The privacy policy under subsection (a) shall require the operator to do all of the following:

(1) Identify the categories of personally identifiable information that the operator collects through the website or online service about individual consumers who use or visit its commercial website or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information;

(2) If the operator maintains a process for an individual consumer who uses or visits its commercial website or online service to review and request changes to any of the individual consumer's personally identifiable information that is collected through the website or online service, provide a description of that process;

(3) Describe the process by which the operator notifies consumers who use or visit its commercial website or online service of material changes to the operator's privacy policy for that website or online service; and

(4) Identify the effective date of the operator's privacy policy.

481B-C Violation. An operator shall not be deemed in violation of this part unless the operator fails to post its policy within thirty days after being notified of noncompliance. An operator who violates this part shall be guilty of a violation under section 480-2."

SECTION 2. In codifying the new sections added by section 1 of this Act, the revisor of statutes shall substitute appropriate section numbers for the letters used in designating the new sections in this Act.

SECTION 3. This Act shall take effect upon its approval.

 

INTRODUCED BY:

_____________________________

 

 


 


 

Report Title:

Internet; Privacy

 

Description:

Requires operators of commercial websites or online services that collect personally identifiable information through the Internet about consumers in the State who use the websites or online services to conspicuously post their privacy policies on their websites or through any other reasonably accessible means.

 

 

 

The summary description of legislation appearing on this page is for informational purposes only and is not legislation or evidence of legislative intent.