1. Required by Law:
Furthermore, the law also specifies important elements that are to be included or addressed within the required policy. For example, site users must be informed, among other things, about how collected information is used and with whom it is shared or otherwise disclosed. (Additional information about CalOPPA can be found here.)
Delaware and Nevada, for example, are also states that impose legal requirements much like those of CalOPPA.FN3 Both of these states are noteworthy due to their popularity for incorporating or otherwise organizing business entities.
The privacy laws of Delaware and Nevada apply to businesses, large and small, that collect information about their residents. The specific elements that the required policy must address are very similar to those of CalOPPA. (Additional information on Delaware's privacy law can be found here. Information about Nevada's law can be found here.)
There are also federal laws that apply to some businesses depending on the type of business or from whom information is collected. For example, the Children’s Online Privacy Protection Act (COPPA) requires certain policies and practices from business that collect information from children under the age of thirteen (13). Additionally, businesses that collect or maintain educational or health information may fall under the scope of other federal laws.
2. You've Agreed to It:
To learn more about internet agreements and their enforceability, see the previous entry titled "Creating Enforceable Internet Agreements."
These policies generally specify elements or practices that are to be included like, e.g., disclosing the site’s use of that particular Google service or not associating any personal information with trackable information about site activity.
3. Providing Consumer Protection:
Privacy is often pitted against security. Enhancement in privacy, it is thought, comes at a cost to security. This, however, is not true of data privacy and cybersecurity.
Cybersecurity safeguards data privacy. You do not have to give up on security for the sake of privacy. Instead, improvements in security better secures the data that is to be protected and kept private.
Regardless of their size, businesses that collect personal and other information from their customers should be protecting that information. They have been entrusted by the patrons of their products and services with information that if it were to fall into the wrong hands could wreak considerable havoc in their lives.
Enhancement in privacy, it is thought, comes at a cost to security. This, however, is not true of data privacy and cybersecurity...
As a result, businesses need practices and procedures in place to protect this information and consumers need information about these practice and procedures in order to make an informed choice.
For more information about Colorado’s law requiring an information security and disposal policy, see the previous entry on “Colorado’s Data Privacy Law.”
4. Transparency and Consumer Trust:
We are all consumers of various products and services and, in the 21st century, this means providing a lot of personal and other sensitive information to the businesses that provide the things we want and need.
For most small businesses, this transparency is a great chance to build trust.
Unlike the tech giants and other large multinational corporations that get so much attention when it comes to data privacy, smaller businesses generally do not have the resources or budgets to allow them to profit from storing and analyzing large amounts of data from their customers.
For these reasons, small businesses can use their privacy policies as a marketing tool in order to earn consumer trust that larger businesses may be unable to credibly claim.
5. A Bad Policy can be Costly:
Answers to these questions are unique to your business. Incorrect, incomplete or misleading information here may run afoul of federal or state consumer protection laws. The Federal Trade Commission, for example, can bring suit against businesses who engage in deceptive trade practices.
Colorado, like other states, also has its own laws designed to protect its residents. Successful claims under these laws can result in significant fines designed either to bring about compliance or to punish the business for its deceptive practices and the resulting harm to its consumers.
Furthermore, all fifty (50) states now have data breach notification laws and liability under these laws can depend upon whether the practices and procedures described by a privacy or security policy were actually followed in practice. To learn more about Colorado's data breach notification requirements, see the previous entry titled "Colorado Data Breach Notification."