Do Websites Need Privacy Policies?
Some of the most valuable assets of any business are its customers and the information that the business maintains about those customers. As the type and number of regulations governing consumer privacy increase, so do the risks of gathering and storing customer data. We can help you to assess those risks and craft one or multiple privacy policies designed to avoid exposure.
Privacy policies are more than an explanation of what information a business collects and what it does with that information. Increasingly, privacy policies are expected – if not required – to address how information is gathered, when and with whom it is shared, how customers may interact with it, and what is done to protect it. Certain types of businesses, including healthcare, financial, and child-oriented companies, and businesses with overseas customers (EU citizens especially), face even greater regulation.
Recent FTC and various state Attorney General regulations have mandated privacy policies for all mobile apps, and they have also recommended best practices for app developers on when to provide additional notice about personal data collection. We ensure that your company stays abreast of all of the new regulations and recommended best practices.
Relevant State Laws:
Calif. Bus. & Prof. Code § 22575
Calif. Bus. & Prof. Code § 22575-22578 (CalOPPA)
Conn. Gen. Stat. § 42-471
Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be “publicly displayed” by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.
Del. Code Tit. 6 § 205C
“Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act): Requires that “any person or business” that owns or licenses computerized data which includes private information of a New York State resident “shall develop, implement and maintain reasonable safeguards to protect the security, confidentiality, and integrity of the private information.” Small businesses with fewer than 50 employees, less than three million dollars in gross revenues in each of the last three fiscal years, or less than five million dollars in year-end total assets may scale their data security program according to their size and complexity, the nature and scope of their business activities, and the nature and sensitivity of the information collected.