It used to be that only professors, lawyers and people with tinfoil hats cared about Privacy Policies and the protections afforded to their data. While it’s unfortunate that it took numerous privacy scandals and abuses to get here, privacy is now top of mind for both lawmakers and consumers.
So grab your tinfoil hat and let’s get started!
- General Data Protection Regulation;
- California Online Privacy Protection Act of 2003;
- California Consumer Privacy Act; and
- Nevada privacy law – SD220.
These laws are crafted to protect the privacy of the citizens of that particular state, not the businesses. This means that these laws apply to businesses regardless of where they are physically located.
So, just because you are not located in California or Nevada does not mean that you are free and clear. Some of these laws do not have a revenue requirement either, meaning that they can apply to small businesses as well as large ones. Here is an article on these laws that may help you gain some insight into whether they apply to you. If you are unsure whether a law applies to you, the safest bet is to just meet its requirements.
- Who you are – list who operates the website. If you are working on your own, without a company name, you should list your name. If you are working under a company name, such as an LLC or a Corporation, then list that information.
- What information you collect on your website. Go through your website and determine what information you collect. Do you collect it on an email newsletter sign-up form or a contact form? Personal information is information that can be used to identify someone and includes the following examples:
  - Full name;
  - Home address;
  - Email address;
  - Social Security Number;
  - Passport number;
  - Credit card details; or
  - Log in details.
- What you do with the information that you collect – here you’ll want to set forth how you use the information that you have collected on your website. Some examples can include:
  - Contact the person;
  - Answer questions;
  - Send email newsletters;
  - Send products; or
  - Allow downloads of resources or software.
- Who you share the information with – if you share the visitor’s information with anyone, you must disclose that as well. For example, you may share the information with your website developer, your accounting software, your customer management system or a third-party vendor who helps you with shipping. You can disclose the specific names of the companies that you share the information with or you can list their categories.
- Do Not Track – DNT is a web browser setting that requests that a web application disable its tracking of an individual user. While there is no requirement for your website to respond to DNT signals in a particular way, you are required to disclose how your site responds.
The above is a list of the most basic disclosures that you need to have. There can be additional disclosures based on what privacy laws apply to you and your business. Furthermore, the required disclosures will change once new laws are passed.
Changes to Privacy Policies
For example, if the Nevada privacy law applies to you, you will need to disclose whether you sell the personal information of Nevada residents and how they can request that you stop those sales.
If the General Data Protection Regulation applies to you, you need to make additional disclosures such as:
- The consequences of failure to provide the information or the withdrawal of consent;
- Whether you have a Data Protection Officer;
- The rights of European Union citizens;
- Your information retention period;
- Whether you use the information collected for direct marketing and how the visitor can opt out of such use;
- The location where you process the data; and
- If you plan to transfer the data to other countries.
Termageddon is $10/month or $100/year and all policies are included in that price. It will take you less than 15 minutes to set up your policies and they offer a set-it-and-forget-it type of solution.