Children’s Online Privacy Protection Act (COPPA)
Gramm-Leach-Bliley Act (GLBA)
Companies that are “significantly engaged” in financial activities are required to give clear, conspicuous, and accurate statements of their collection and sharing of personal information. This includes companies that “offer consumers financial products or services like loans, financial or investment advice, or insurance” according to the Federal Trade Commission’s (FTC) website. You can read more about it here.
Health Insurance Portability and Accountability Act (HIPAA)
For business owners, this can feel cumbersome, but as consumers I think we can see why this is necessary to protect us.
In 2012, the state of California sued Delta for violating this law and pursued statutory penalties of $2500 for each time the app was downloaded by a California resident. Is your business as big as Delta? Probably not, but that doesn’t mean you wouldn’t face fines for violating the law.
Considering the number of privacy breaches in the past few years, I expect many other states to follow suit. And, I would be surprised if the federal government did not enact a federal law requiring privacy policies and the disclosure of how a website is collecting, using, and sharing the personal information of its visitors.
General Data Protection Regulation
There are many international laws, but the only one I will mention in this article is the General Data Protection Regulation (GDPR). The GDPR is a European Union law that went into effect on May 25, 2018. It caused quite an uproar at the time because it’s a very encompassing law and applies not only to websites and businesses located in the EU, but also to those whose websites and/or businesses can be accessed by people located within the EU.
- What personally identifiable information (PII) you are collecting from customers and those visiting your site
- How you collect that information
- How you store and protect that information
- How you use that information
- How you distribute or share that information
- How your customers can access the information you’ve collected about them and what they can do to review, edit, correct, and/or delete that information
It’s also a good idea to include a business transfer clause. This is a clause saying if you sell, or otherwise transfer, your website, you will also be transferring the information you’ve collected from visitors and customers.
Finally, you should have a dispute resolution clause. I generally suggest an arbitration clause. Though this might sound like a scary legal term, what it means is that if there are any disputes, you will go to arbitration to handle them instead of the court system. This is usually a much more cost-effective and timely way to handle disputes.
Want to make sure your website is fully protected? Check out this post to learn what other legal pages you need on your website.
Disclaimer: This site, and all information contained herein or through communication with me, is intended as legal information only. I am an attorney, but I am not your attorney, so nothing on this site, nor any communication with me, shall create an attorney-client relationship. I am not liable for damages or losses based on any action taken, or inaction, based on the information contained on this site. All areas of the law are fact specific and there is no substitute for legal advice from an attorney licensed in your jurisdiction who is familiar with the specific facts and circumstances of your situation.