Is Your Website Privacy Policy Up to Date?
Now is a good time to review your privacy policy to ensure it is accurate, up to date, and describes your business practices. With all the new state privacy laws, it is imperative for businesses to ensure they are staying up to date with the current law and update their business practices accordingly.
The California Consumer Privacy Act (“CCPA”) mandates businesses to review and update their privacy policies every 12 months. With 12 other states adopting privacy laws, businesses must monitor their implementation dates and ensure their privacy policies and compliance strategies are updated accordingly to ensure compliance with these laws.
Businesses must also update their privacy policies when they modify their personal information collection, storage, sharing, and usage practices. They may also need to inform and obtain consent from consumers to comply with privacy laws, depending on the nature of the policy changes.
Businesses must include certain disclosures in their privacy policies to comply with those new laws:
-
Businesses must disclose categories and specific items of consumer personal information that is collected.
-
They must disclose sources used for data collection.
-
They must disclose categories of personal information sold/shared with third parties, as well as the categories of third-parties with whom such personal information will be shared/sold to.
-
Businesses must offer consumers the option to exercise rights and preferences, including opt-out rights.
When there are significant changes to personal information collection, usage, or sharing, consumers must be informed and given the opportunity to consent. This can be done through email, where possible, and by checking an unchecked box on a web page. This ensures that consumers are aware of the changes and can authorize their data’s use.
Violations of state privacy laws, including non-compliant policies, can result in significant liability, including private actions and state attorney general actions. Businesses must ensure compliance with these laws due to the complexity of enforcing privacy policies. Business must also ensure that they are providing proper notice of changes and obtaining the proper consent accordingly.
State legislatures are expected to continue leading privacy regulation, enforcing comprehensive and targeted laws for specific data types, such as healthcare-related information, as there is no federal legislation at present.
(Image Credit: iStock Photo)
This article is for information purposes only. It is not intended to be and should not be relied on as legal advice for any particular matter.