[wp-hackers] Privacy issues & encryption of data

Amy Hendrix sabreuse at gmail.com
Tue Nov 19 17:56:17 UTC 2013


Everything I found refers to this year's update of the California
Online Privacy Protection Act of 2003. It requires that sites that
collect information from customers have clearly posted privacy
policies; the new update covers recent innovations like Do Not Track
settings. Nothing about encryption, or indeed about user data in the
WP sense of "user".

A decent plain-english explanation is here:
http://blogs.lawyers.com/2013/10/california-online-privacy/

The law itself is here: http://oag.ca.gov/privacy/COPPA

On Tue, Nov 19, 2013 at 12:42 PM, Otto <otto at ottodestruct.com> wrote:
> On Tue, Nov 19, 2013 at 11:35 AM, Jeff Rose <jeff at jeffrose.ca> wrote:
>> Through my 9-5 job yesterday, I was informed that beginning next year, the
>> state of California (maybe others) will require more personally
>> identifiable information stored in websites to be encrypted.
>>
>> This includes usernames, email addresses and even first & last names, which
>> WordPress stores in clear text.
>>
>> This not only affects sites located in California, but also those who may
>> have users FROM California.
>>
>> I'm wondering if anyone has thoughts (not to be taken as legal advice) on
>> how to handle this in WordPress, or if WordPress core will address this.
>
>
> If it's a California law, then it realistically only affects people
> living in California. If I don't encrypt, then California cannot do
> anything about it because they lack jurisdiction over me.
>
> But I did a quick search and I cannot seem find any such law. There
> was a report in July about California possibly passing such a law, but
> the articles on it were short on specific details. Certainly, there
> are existing laws to protect information such as social security
> number, healthcare info, etc, but "name+email" isn't one of those
> things covered by existing law I can find.
>
> Obviously, if such a law exists and affects any significant portion of
> the userbase, then WordPress will address it appropriately. But we'd
> need more information than rumors. Laws are written down, so I should
> be able to find it and read it, if it exists at present.
>
> -Otto
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list