Examples of personal information include:
- Date of birth
- Email address
- Billing and shipping address
- Phone number
- Bank details
- Social security number
(1) Ensure consumer awareness of privacy
(2) Legal regulation
Now that we have established the what and the why of privacy policies, we’ll take a look at some specific laws and their requirements.
Privacy laws in the US
The California Online Privacy Protection Act (CalOPPA) is one of the strictest privacy laws currently active in the US and will be until the CCPA goes into effect on January 1, 2020. The CalOPPA affects anyone who collects personal information from California residents, which impacts parties far beyond state borders.
CalOPPA has standard requirements for privacy policies including:
- Informing users of what types of information are collected about them
- Details regarding third parties with which personal information is shared
- Explaining how the business responds to “do not track” signals from IP addresses or web browsers
- Consumer rights and choices — how to exercise them
- Description of the method for submitting Data Subject Requests (DSR) for access or deletion
- A link to an opt-out page (for marketing and other communication)
Want to find out more about specific CCPA requirements, including DSARs, information that must be available for users, and other consumer rights? Check out our recent post by privacy expert Sue Poremba on Preparing for CCPA’s Section 2 – Consumer Rights.
The enforcement of the GDPR is much stricter than with previous regulations and carries greater penalties for non-compliance, including fines of up to €20,000,000 or 4% of global revenue.
- Business name and contact details
- How to opt out of data collection
- The types of information collected by the website/app:
  - Customer communication
  - Account information
  - Log files
  - User data
- The purpose of collecting the data
- How the data is processed, shared, or used
- Data storage, security, and access
- Authentication for access to user data
- How long data is stored by the company
- If and how users can access their data (GDPR/CCPA requirements)
- Details of data transfers
- Affiliated websites/organizations and subprocessors (optional)
For more information and examples of Privacy Policies, check out our Sweet Sixteen Privacy Policies.