Here we get into all of the details, the legal implications, changes in privacy laws, and how to get your website in compliance.
Privacy Laws Nationally
While California and New York were first in implementing privacy laws, there are currently 17 other bills in the works that will impose additional requirements. Although they are being considered in Alabama, Connecticut, Virginia, Minnesota, Mississippi, New York, New Jersey, North Dakota, Oklahoma, Vermont, and Washington, understand that these bills apply to the consumers of the state – not the business.
There are currently several laws across the country that cover telecommunications, health information, credit information, financial information, and marketing. So, for example, even if you are in Texas, the current California consumer privacy law, other current laws, and these proposed laws apply to your business website.
The newly passed New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act) amends the state's former data breach law and adds more security requirements.
Nevada and Delaware have privacy laws similar to California and New York. Some privacy laws cover an entire industry, like the Health Insurance Portability and Accountability Act of 1996 that protects patient information in health care settings.
On March 3, 2021, VA S 1392, the Virginia Consumer Data Protection Act (VCDPA), was signed into law.
And the laws keep changing and states keep amending them.
Privacy Laws Internationally
The General Data Protection Regulation protects the privacy of EU residents. This legislation governs the collection and transmission of the data of residents of the 28 member countries of the European Union. The Australian Privacy Act of 1988 and the Canadian Personal Information Protection and Electronic Documents Act can also affect your business when visitors from those countries are on your website.
- Notify visitors what Personally Identifiable Information is collected while on your website
- How you will use the collected information
- Who you will share that collected information with
- Your contact information
- The method used to collect the information
- The reason you collect the information
- How your website responds to “do not track” tools
I only sell within the US, do I need to address Europe’s privacy policies?
As a US business, you are not required to follow suit and add a cookie bar to your website. This requirement comes from the EU ePrivacy Directive, or the “Cookie Law.” Even if your website is based in the United States, visitors from the EU who visit your website must be protected and must know how they are protected. It is now best practice to get their consent to collect cookies before obtaining personal data. You will also have to give them the ability to revoke their consent, and document and renew each user's consent.
I have a very small website, do I still need one?