Data Privacy: What You Need to Know
Creating a beautiful new website is usually one of the first projects we take on as entrepreneurs. It’s a foundational piece of your brand and often the first place we want to send our customers, clients, and followers. While it’s common to focus on the design, messaging, and functionality of your site, protecting consumer privacy rights isn’t often made the first priority.
However, if your business has a website, you automatically collect personal information and need to understand consumer data privacy laws. How much personal information you collect depends on the different services you provide (e.g., purchasing, members-only section, collecting names and emails for newsletters or lead magnets, using Google Analytics, etc.). That's why almost every website you visit has a pop-up box requiring you to agree to its cookie policy, terms of use, and/or privacy policy.
High-profile privacy breaches highlight that privacy policies are more than just a legal hoop to jump through. Breaches at big companies like Facebook, Target, and Equifax have catapulted privacy issues to the top of consumers’ minds. This is why it’s so important that you, a business owner, have a basic understanding of what consumer privacy rights include and what you can do to protect your consumers and your business.
Personal Information Defined
Personal information is typically defined as information that can identify an individual or a household. While this might seem obvious, the definition varies by each law and regulation. Typically, it includes name, address, zip code, email address, and types of information like healthcare data, financial records, banking and credit card numbers, and credit information.
Federal and State Laws
Laws that will impact your business directly exist at both the federal and state levels. A couple of examples of federal laws are:
The Gramm–Leach–Bliley Act protects financial information by requiring financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.
Children’s Online Privacy Protection Act (COPPA), which places parents in control over what information is collected from their young children online, with the aim of protecting children under the age of 13.
Fair Credit Reporting Act (FCRA), which governs the collection and use of consumer information by promoting the accuracy, fairness, and privacy of information in the files of consumer reporting agencies.
State laws must also be taken into consideration when addressing consumer privacy online. A couple of examples from California and New York are:
California Consumer Privacy Act (CCPA), which protects the privacy rights of residents of California by allowing any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with.
The New York SHIELD Act, which requires any person or business owning or licensing computerized data that includes the private information of a resident of New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information.
Each law is slightly different, outlining different expectations for handling personal information. Additionally, each law may impact only select businesses or it may impact all. It depends on the situation. However, what you need to know as a business owner is that most laws create fines for businesses per consumer impacted (e.g., $750 per consumer).
This is why it’s so important that you have a well-informed, transparent consumer privacy policy outlined on your site. This not only impacts how compliant you are with local and federal consumer law, but it also sets the foundation for a trusting relationship between you and your consumers. A privacy policy that is specific to your business should answer these questions:
Who is collecting the data?
What data is being collected?
Why is the data being collected?
When and how will the data be collected?
With whom may the data be shared?
With the boom of technology and more and more people using online services/platforms, these laws are only going to increase over time. But don’t worry! As your legal partner, it is our job to understand how you do business and make sure these questions are answered specifically for your situation. If you don't have a privacy policy or if you haven't updated yours recently, schedule a free consultation so we can discuss what changes might be necessary.