Privacy Policies as an Asset – or Liability
Recent Privacy Laws Make Privacy Policies More Challenging
At the same time, the differences between the laws create challenges. The laws are inconsistent in their key definitions (such as the definition of personal information), and the rights they confer are different as well. Since online commerce inevitably flows across state borders, firms must consider each of these laws and create policies that fit each of their requirements. This effort can result in a complicated policy that may create more questions than it answers.
Moreover, we can expect additional state laws, as well as implementing regulations (such as the regulations expected to be promulgated on July 8, 2022 by the California Privacy Protection Agency). New laws and new regulations, even when they do not explicitly target privacy policies, can have an impact requiring companies to review and update their policies.
Avoiding Key Mistakes
- A detailed inventory of the data the company collects, how it is collected, and what it is used for, with an emphasis on the jurisdictions from which data is collected, and how data can be stored not just in databases, but in emails, reports, and personal devices;
- Understanding whether and how the company collects sensitive personal information, such as health, financial and geo-location information;
- Analysis of existing security procedures to ensure that personal information is protected; and
- Policies and procedures for responding to individual rights requests, including a means of keeping close track of those requests and the means by which they will be validated.
Creating the Policy
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.