Don’t worry, we’ll cover everything you need to know, right now. Starting with the million dollar question (billion dollar for some as you’ll soon see):
Reason #1 – It’s the Right Thing To Do
Reason #2 – It’s Required by Many States & Third Party Services
These laws don’t consider the business location, they’re written specifically to protect the people. And while there are already plenty of laws to navigate, there are many more on the way. (See privacy laws at the bottom of this post.)
Reason #3 – So Customers Trust You
Fact #1 – It’s Not As Hard As You Might Think
- Show your visitors you care about their privacy
- Ensure legitimacy to your visitors
- Protect your intellectual property and avoid legal issues
Clearly, a good policy revolves around privacy, security and safety. So let’s talk about that.
Is information collected safely? Big question. Naturally, the safety and security of all collected information from your customers should be a top priority. When customers visit a business, one of the things they expect is that their privacy will be respected. This means that the business will not collect personal information from them without their consent and will not sell or give it away to other businesses or organizations.
Obviously, the data you collect on your website varies depending on the goals of your site. To create the best policy possible, you’ll want to take inventory of all of the data you collect or plan to collect. To jog your memory, let’s list out a few…
Common types of data collection on a website can include:
- E-mail address
- IP address
- Device identifiers
These are typically collected through a simple contact form on a website, an ecommerce checkout, or even by using Google Analytics on your website. This should all be disclosed.
There’s also automatically collected information like:
- log-in information
- usage information
- location information
Again, this information is automatically collected and stored. And again, this should all be disclosed.
Lastly, you may or may not need to include some or all of the following disclosures. It really depends on which laws apply to you (see privacy laws at the bottom of this post).
But you’ll likely need to include at least some of the following information:
- Your name
- Your contact information
- Effective date of your policy
- What PII you collect
- How you collect the PII
- How you’ll use the PII
- Whether or not you share PII
- How you protect the information you collect
- Whether or not you use analytics on your site, Google Analytics for example
- Whether or not you use their information for marketing and advertising
- How they can opt out of this if so desired
- All of their privacy rights and how they can use them
- Whether or not you have a Data Protection Officer
- How they can appeal decisions about their privacy rights
- If you share the PII, with whom and why
- If you can locate, profile, and identify a person with the data collected
- How the visitor can turn that data collection off
- What your site does with “Do Not Track” signals
- Whether or not you sell their information
- What information you sell specifically, if you do
- The process they can use to complain to the authorities if their rights have been violated
- The legality of your methods of gathering and processing PII
- How you store the information
- Whether or not you transfer PII to other countries or organizations outside of the country
How on earth do you create it? There are so many laws to comb through, so many disclosures to identify and put into place. Most people aren’t completely aware of all the PII they’re collecting and using, let alone the laws that apply to them, and which specific things they need to disclose.
The updates are specific to your website and the information you originally provided to the generator. This generator basically handles all of the hard parts. The team members of Termageddon stay on top of the privacy laws so you don’t have to. That’s a breath of fresh air and then some…
To Sum it up…
The California Consumer Privacy Act, also known as CCPA, which took effect in January 2020, gives consumers more control over the personal information that businesses collect from them. It applies to any business that impacts people in California. This law also provides consumers four (4) different rights, namely:
(1) Right to know about the information collected from them,
(2) Right to delete information collected from them,
(3) Right to opt-out from selling their personal information, and
(4) Right to non-discrimination in the exercise of the CCPA rights.
On the other hand, the California Online Privacy Protection Act, or CalOPPA, currently considered the broadest privacy law in the US, was created to protect the rights and personal information of all California residents.
(1) Lawfulness, fairness, and transparency
(2) Purpose limitation
(3) Data minimization
(5) Storage limitation
(6) Integrity and confidentiality, and
(7) Accountability
Also, as stated earlier, Utah passed a law on March 25, 2022 that will go into effect on December 31, 2023. The Utah Consumer Privacy Act is intended to protect collected data and information from Utah residents and from businesses that operate in the state or businesses whose target customers are located in Utah.