The owner of a website can be subject to legal actions over CalOPPA within 30 days of being notified for not posting the privacy policy or not meeting the law's criteria.
The owner could be faulted for their negligence, possibly even consciously, over their inability to comply with the act, which ultimately results in charges filed against them for this noncompliance.
[5] Many American websites thus include a boilerplate disclaimer, usually under the titled hyperlink of "Your California Privacy Rights", on their site's footer section by default for all-page access.
[12] Assembly Bill 370 (Muratsuchi), which was signed into law in 2013, amended CalOPPA requiring new privacy policy disclosures for websites and online services that track visitors.
"[13] [14] It required privacy policies to either contain a disclosure, or link to a disclosure on a separate page, detailing how websites responded to the Do Not Track header and "other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services", if websites tracked the personally identifiable information of users.
On February 6, 2013, Assembly Member Ed Chau had introduced AB 242, which would amend the act to impose additional requirements on privacy policies.