Creating a beautiful new website is usually one of the first projects we take on as entrepreneurs. It’s a foundational piece of your brand and often the first place we want to send our customers, clients, and followers. While it’s common to focus on the design, messaging, and functionality of your site, protecting consumer privacy rights isn’t often made the first priority.
High-profile privacy breaches highlight that privacy policies are more than just a legal hoop to jump through. Big companies like Facebook, Target, and Equifax have catapulted privacy issues to the top of consumers’ minds. This is why it’s so important that you, as a business owner, have a basic understanding of what consumer privacy rights include and what you can do to protect your consumers and your business.
Personal Information Defined
Personal information is typically defined as information that can identify an individual or a household. While this might seem obvious, the definition varies by each law and regulation. Typically, it includes name, address, zip code, email address, and types of information like healthcare data, financial records, banking and credit card numbers, and credit information.
Federal and State Laws
Laws that will directly impact your business exist at both the federal and state levels. A few examples of federal laws are:
The Gramm–Leach–Bliley Act, which protects financial information by requiring financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.
Children’s Online Privacy Protection Act (COPPA), which places parents in control over what information is collected from their young children online, with the aim of protecting children under the age of 13.
Fair Credit Reporting Act (FCRA), which governs the collection and use of consumer information by promoting the accuracy, fairness, and privacy of information in the files of consumer reporting agencies.
State laws must also be taken into consideration when addressing consumer privacy online. A couple of examples from California and New York are:
California Consumer Privacy Act (CCPA), which protects the privacy rights of residents of California by allowing any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with.
The New York SHIELD Act, which requires any person or business owning or licensing computerized data that includes the private information of a resident of New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information.
Each law is slightly different, outlining different expectations for handling personal information. Additionally, each law may impact only select businesses or it may impact all. It depends on the situation. However, what you need to know as a business owner is that most laws create fines for businesses per consumer impacted (e.g., $750 per consumer).
Who is collecting the data?
What data is being collected?
Why is the data being collected?
When and how will the data be collected?
With whom may the data be shared?