California already has a law requiring that website operators provide a privacy policy describing what personally identifiable information is collected, how it is shared, and how users can view and update the information, and the effective date.1
Starting at the beginning of 2014, there is now an addition that privacy policy law, which requires that commercial website operators also:
(5) Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.
(6) Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.
(7) An operator may satisfy the requirement of paragraph (5) by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.2
For “operators of commercial websites or online service that collects personally identifiable information”, this most likely will require an amendment to your privacy policy to indicate: (1) how your site responds to do not track indicators from various web browsers; and (2) whether or not there are third party tracking cookies (or other tracking mechanisms) on your website, such as advertising network cookies. Even if your commercial website doesn’t do either of those things, the law appears to require that the privacy policy indicate that.