• Carolyn Jahnke

Privacy Laws and Your Business Activities Online

If your business has an interactive website, you collect personal information from individuals who visit your website and need to understand consumer data privacy laws. What personal information and how much you collect depends on the different services you provide (e.g., purchasing, members only section, collecting names and emails for newsletters or lead magnets, using Google Analytics, etc.). That's why almost every website you visit has a pop-up box requiring you to agree to their cookie policy, terms of use, and/or privacy policy.


What is personal information?


Personal information is typically defined as information that can identify an individual or a household. The definition varies by each law and regulation, but it typically includes name, address, zip code, email address, and types of information like healthcare data, financial records, banking and credit card numbers, and credit information. Each law may define personal information slightly differently.


What privacy laws may impact my business?


There are a variety of federal, state, and international laws around privacy and protection of personal information. Since the passage of the California Consumer Privacy Act in 2018, state legislatures have been introducing privacy bills on a regular basis each session. At any time, there may be 10 to 20 privacy bills being considered in states across the U.S. Here are a few of the privacy laws that may impact your business.


Federal Laws

  • Gramm–Leach–Bliley Act (GLBA) — Protects financial information

  • Health Insurance Portability and Accountability Act (HIPAA) / Health Information Technology for Economic and Clinical Health Act (HITECH) — Protects personal health information

  • Children’s Online Privacy Protection Act (COPPA) — Protects children’s privacy

  • Family Educational Rights and Privacy Act (FERPA) — Protects students’ personal information

  • Fair Credit Reporting Act (FCRA) — Governs the collection and use of consumer information

State Laws

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) — Protect privacy rights for residents of California

  • Colorado Privacy Act (expected to be signed into law soon) — Protects privacy rights for residents of Colorado

  • The New York SHIELD Act — Protects personal and private information of residents of the state of New York

  • Standards for the Protection of Personal Information of Residents of the Commonwealth of Massachusetts - Establishes minimum standards to be met in connection with the safeguarding of personal information of residents of the state of Massachusetts contained in both paper and electronic records

  • Nevada Consumer Privacy Act — Protects personal and private information of residents of the state of Nevada collected online

  • Virginia Consumer Data Protection Act — Protects personal and private information of residents of the state of Virginia collected online

International Laws

  • General Data Protection Regulation (GDPR) — A European Union (EU) law that outlines data protection and privacy regulations for personal information of people living in the EU and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA.

Each law is slightly different and has different expectations for handling personal information. Additionally, each law may impact only select businesses or it may impact all businesses.


What kind of penalties could I face for not adhering to these laws?


Violations of these provisions may result in fines for your business and sometimes these fines are per consumer impacted by the violation (e.g., $750 per consumer). Privacy laws and penalties are only going to increase over time as more and more states pass privacy laws that are modeled after CCPA.


Why else should I care?


Privacy policies are more than just a legal hoop. With fallout from privacy breaches like those experienced by Facebook, Target, and Equifax, privacy is at the forefront of consumers’ minds. Just this year, companies big and small (Kroger, US Cellular, T-Mobile, Hobby Lobby) have also experienced data breaches.


How do I protect myself and my business?


The number one way to protect yourself is to have a well-drafted privacy policy that outlines how you protect personal information that you collect. While an overly broad or generic privacy policy may help protect you during litigation, it won’t let people know where you actually stand when consumers are deciding which brands to trust with their personal information. A well-drafted privacy policy that is customized for how you do business will keep you compliant with these laws and create transparency for your customers and potential customers. Transparency creates trust with your target customer and enables you to build a better, stronger relationship with your customers and potential customers.


What does a good privacy policy include?


A privacy policy that is specific to your business should answer these questions:

  • Who is collecting the personal information?

  • What personal information is being collected?

  • Why is the personal information being collected?

  • When and how will the personal information be collected?

  • With whom is or may the personal information be shared?

  • Who can a consumer contact with questions or concerns about their personal information?

Who can help me with creating a privacy policy that builds trust with my customers?


As your legal partner, it is our job to understand how you do business and make sure these questions are answered specifically for your business. If you don't have a privacy policy, aren't sure if any privacy laws apply to your business, or if you haven't updated your privacy policy recently, schedule a free consultation and we can discuss what changes might be necessary. We offer flat-rate and installment packages for privacy policies to make it easy for you to protect your business and create a stronger relationship with your customers.
