Although California’s Online Privacy Protection Act establishes in practical effect a national baseline for privacy policies, numerous other state laws, federal laws, and compilations of industry best practices impose still other obligations on businesses and their privacy policies.

Massachusetts and Nevada, for example, in recent years have enacted data security laws that may apply to personal data in your company’s possession.  These laws could impose computer security obligations not in effect when your privacy policy was created.

And many federal laws could apply if your business model has changed.  For example, if your website now collects data about persons and discloses personal information to others, have you considered whether that information may constitute a “credit report” under the Fair Credit Reporting Act?  The Federal Trade Commission has brought several cases in the past year against “personal data” websites that crossed the line into “credit reporting agencies.”

Finally, a number of “best practices” codes have been developed for particular industries.  If your company subscribes to such a code, it is expected to live up to the code’s requirements.  Failure to do so could trigger liability under federal or state consumer protection laws.  Some codes expect companies to mention their participation in the code in their privacy policies.

Does your privacy policy need to be updated to remain in compliance with these laws and codes?
