Anyone have an idea if the Standard Privacy Policy has been modified to conform to California's new privacy law? Or already have an addition to the template that they would like to share.

It appears if you are collecting personal information (like user registration, contact form, shopping, etc) the current Privacy Statement doesn't meet the law's requirements.

Here is a synopsis of the new amendment.  I would like to know if the DNN team has looked at this at all.

Under a new California "do not track" law effective January 1, 2014, any operator of a ‎website, online service, or mobile application that collects personally-identifiable information about California ‎residents must include do-not-track disclosures in its privacy policy. Any business operating a ‎website, online service, or mobile application that may be used or accessed by a California resident is subject to the California Online Privacy Protection Act of 2003 (CalOPPA). Given the expansive sweep of this Act, any such business should update and review its privacy policy to ensure that it complies with the requirements of the amended Act. Assembly Bill No. 370, signed by California Governor Jerry Brown on September ‎‎27, 2013, expands the disclosure requirements under CalOPPA. Currently, Cal. Bus. & Prof. Code Section 22575 ‎requires any operator of a website, online service, or mobile application that collects personally-identifiable ‎information about California residents to have a privacy policy, to include certain disclosures in its privacy policy, and to conspicuously post or otherwise make its privacy policy available to consumers. Personally-identifiable information is defined broadly under the Act to include "any other identifier that permits the physical or online contacting of a specific individual," which, under certain circumstances, includes IP addresses and device identifiers. Under the amended Act, as of January 1, 2014, operators must also disclose (i) their protocol for responding to do-not-track notices from consumers who do not want their online activity tracked; and (ii) their policy regarding other parties' collection of users' personally-identifiable information through the operators' websites, services, or mobile applications. The new do-not-track provisions of Section 22575 reflect increased federal and state concern over online ‎behavioral advertising, which may run afoul of Federal Trade Commission (FTC) prohibitions against ‎unfair and deceptive trade practice in addition to state privacy laws. Online behavioral advertising is the practice of serving ‎targeted advertisements to consumers by tracking their online activity over time and across multiple websites or applications. The FTC ‎has advised that website operators and advertisers who use online behavioral advertising provide consumers with notice and choice regarding the tracking and use of online behavior. To exercise choice, consumers can use browser do-not-track signals and similar mechanisms to prevent the tracking of their online activity. Operators that collect personally-identifiable information from California residents who use or access the operators' websites, services, or applications have until the end of 2013 to create or update their privacy policies to comply with the new law. Businesses and individuals affected by these requirements may consider engaging legal counsel to assist in developing necessary response protocols and complying with existing and newly-enacted federal and state laws

Actually, it's more than just web sites that are operated from California.  It's required for all web sites that collect information from California residents. Not only does the site have to disclose how it handles information it actively collects, but also disclose how the web site handles the 'Do not track' settings in most browsers.

For example, IE has a setting in it's Advanced Settings under Security - 'Always Send Do Not Track Headers'.  In Chrome, there is a 'Send a Do Not Track' request with your browsing traffic'.  Other browsers have settings for this as well.

W3C has been working on a standard since 2011 and has a couple of workgroups dedicated to this.  You can view their group at: http://www.w3.org/Privacy/

Since this is more than a California issue and that it will affect each of your DNN Professional customers, I thought you might already have a revised standard privacy statement.  It look like it will be eventually mandatory worldwide.

I also was curious if there is activity within DNN to allow the framework to respond to 'do not track' requests.  It's not required to do so (for now, Google is bypassing some of the browsers' mechanisms), but it would be great to know what we need to do.

I already have worked up my own modification to the privacy policy to include appropriate language but didn't want to apply it until I found out if DNN Corporate was working on it.