Privacy has become a hot topic with the increase in data that is collected and stored by businesses. Protecting privacy is important and new laws are popping up to regulate privacy.
The definition of personal information will vary depending on the different pieces of legislation but, generally, the following are included:
- Date of birth
- Addresses (postal and email)
- Payment details (credit card numbers)
- Location (IP address, geo-location)
- Social Insurance Number
In addition to outlining how the company will use the information, it must also include how it will be compliant with legislation. It should also provide information related to consumer recourse if the company is not compliant and shares data.
It is the law – and fines for non-compliance are hefty! There is an added layer of complexity because it doesn’t matter where you are located – it matters where your site visitors are from. You can be required to follow multiple different privacy laws. Let’s look at them:
The European Union has some of the strictest privacy laws in the world. The General Data Protection Regulation (GDPR) provides detailed information with regard to privacy policies. Regardless of where your company is located, if you operate in Europe or process the personal information of users located in Europe, you must comply with the GDPR. You also have to ensure that you have your users’ unambiguous and affirmative consent before you start collecting any personal information.
United States (California)
The California Consumer Privacy Act (CCPA) also came into effect in 2020 to supplement the CalOPPA. Its scope is more limited – it is targeted at businesses that either have an annual gross revenue of more than $25 million, make at least half of their revenue selling personal data of their users, or that sell, buy, share or receive personal information from at least 50,000 households, consumers or devices annually.
Please note that these examples are not comprehensive of all privacy guidelines across the globe. Please consult with a lawyer to make sure you are compliant with the guidelines that you are required to abide by.
It may also help build trust with your site visitors, creating transparency and making them feel comfortable.
Do you have to use a lawyer to draft or review your agreement?
While you don’t have to, there are clear benefits to doing so. The first benefit is that you know the document would be specific to your site/apps and business practices, so there is a lower risk that anything would be overlooked. A lawyer will also look to the future and think about how to protect your business as it develops.
A lawyer would know to ask if your site/app requires users to provide personal information. If so, the Personal Information Protection and Electronic Documents Act (PIPEDA) would be relevant to you.
If your business practices are complex, it’s even more important to involve a lawyer. The devil is in the details.
The cost of not being compliant is so high, it’s not worth the risk. A lawyer should at least review the documentation. In a perfect world, a lawyer would draft the agreement. Lack of knowledge or understanding is not a defense: if you are found to be non-compliant for any reason, you will face potentially hefty fines.
- Do you collect a large amount of personal information from your users?
- Do you transfer data to or from third parties?
- Do you do any ecommerce?
- Do you have users in multiple countries or legal jurisdictions?
Not Sure How Much Data You Collect?
Are Children Part of Your Audience/Site Visitors?
California’s Children’s Online Privacy Protection Act (COPPA) is relevant if you have children from California visiting your site.
The pro for gathering info online or using the cheapest document generator is the cost savings. The con is the lack of assurance that you have everything you need in place to protect you.
Few things are as important as protecting a business that you are investing time and money to grow.
This material is for general information purposes only. It is not intended to provide legal advice or opinions of any kind and may not be used for professional or commercial purposes. No one should act, or refrain from acting, based solely upon the materials provided on this website, any hypertext links or other general information without first seeking appropriate legal or other professional advice. The information is provided for your convenience only. These materials may have no evidentiary value and should be checked against official sources before they are used for professional or commercial purposes. It is your responsibility to determine whether these materials are admissible in a given judicial or administrative proceeding and whether there are any other evidentiary or filing requirements. Your use of these materials is at your own risk.