Privacy policies are a necessary component of every website that collects user data, including e-commerce websites, agency sites, blogs, small-to-large scale business websites, and more.
According to some reports, around 63% of the world’s population has access to the internet. Approximately 5 billion people use the internet to seek information and to buy and sell products and services every year.
Essential U.S. Privacy Laws
Although the U.S. does not have a federal privacy act that governs data protection, there are federal regulations that provide guidelines on consumer protection matters, and individual states have their own privacy laws.
For example, if your business is based in California or targets residents of California, you must follow the California Consumer Privacy Act (CCPA), which requires businesses to outline their privacy practices on their websites.
Federal laws that touch on data privacy and consumer protection include:
- The Federal Trade Commission Act – Regulates certain commercial practices;
- Controlling the Assault of Non-Solicited Pornography and Marketing Act – Governs deception and required disclosures in email marketing;
- Children's Online Privacy Protection Act – Protects children below the age of 13;
- Electronic Communications Privacy Act – Protects certain digital communications from misuse; and
- Computer Fraud and Abuse Act – Makes unauthorized computer and data access illegal.
Essential International Privacy Laws
For example, if your company has visitors, customers, or clients from Europe, it is essential to follow the General Data Protection Regulation (GDPR) when collecting, storing, and publishing data obtained from your website visitors. Compliance with the GDPR is mandatory even if your business is not physically located within the European Union.
Types of Data That Are Collected
The types of data collected on a business website depend on the function and operations of the business. For example, the data collected by solo entrepreneurs or bloggers is usually minimal compared with the data collected by social media applications such as Facebook, WhatsApp, or Instagram.
Below are some examples of data that is commonly collected:
- Email address
- Phone number
- Religious belief
- Residential address
It is also common for some businesses to collect data that is sensitive in nature. Such data includes:
- Financial details, including credit card information
- Sensitive medical records
- Data belonging to minors
A privacy policy should, at a minimum:
- Acknowledge that your website collects data. If your website does not collect any user data, include a statement that no personal user data is collected.
- Explain the purpose of your business' collection and storage of data, and describe:
  - The types of information collected;
  - The precautions taken to protect the information collected;
  - Whether you use any tracking tools, such as cookies; and
  - All third parties the data is shared with (if any).
- Explain the rights website visitors have regarding their collected data.
- Provide website visitors with an option to opt out of sharing non-essential data.
- Provide website visitors with a way to request that your business delete or remove their collected or stored personal data.
- Provide your business contact details so that visitors can reach your business to make requests or ask questions.
Failure to comply with the requirements of any U.S. state law, U.S. federal law, or international law can result in heavy fines. Below are some examples of monetary penalties that can be imposed for violations:
- European Union GDPR: $20 million or up to 4% of your company’s global annual revenue, whichever is higher;
- Canadian PIPEDA: Companies that intentionally violate any clause can face fines of up to $100,000 for each offense;
- California CCPA: Fines up to $7,500 for intentional violations and up to $2,500 for accidental violations; and
- Virginia CDPA: Fines of up to $7,500 for intentional violations.
The amount of a fine depends on various factors, such as the severity of the violation and whether any previous violations have occurred. Did you know that in 2020, Google was fined $57 million for violating the GDPR?