The ecosystem of business — particularly online business — is not static. Changes are often made to forecasts, models, and business plans in order to better suit the company’s needs. These changes are based on critical growth assessments and fiscal performance reviews.
If you make any changes to your policies, make sure you also keep a record of those changes.
Any alterations to your online presence may result in the collection of more user information, whether or not that is what you intend.
Similarly, if state or federal laws change, you are obligated to comply and must ensure that your policy is consistent with the new legal mandates.
It also makes good business sense to incorporate privacy by design and create an atmosphere of transparency with your customers in order to gain their trust.
1. You Want to Avoid Legal Challenges
This requirement is the result of state laws such as the California Online Privacy Protection Act (CalOPPA), which applies to any website that gathers information from California consumers, regardless of the location of the business.
The FTC’s Gramm-Leach-Bliley Act also governs privacy and the collection of financial data — including credit card information. Failure to comply with state or federal laws can result in serious legal sanctions against your business.
Violations of privacy laws can result in fines of thousands — or even millions — of dollars.
Changing the rules without notice can be framed in court — and in the public eye — as a deceptive practice, and companies that do not abide by their own privacy policies risk a lawsuit brought by their state’s attorney general.
2. You Want to Avoid Public Backlash
Increasingly, internet users are becoming more conscious of the information they share online. While much focus in the U.S. and internationally regarding online privacy law is on personally identifiable information, concerns are also frequently raised about aggregate data that is collected and sold in order to streamline marketing efforts.
Legal protections for this kind of information were supposed to come into effect this fall, but the Washington Post reported in March that the proposed protections have been halted by the new administration.
Customers should have easy access to a contact form for any questions or complaints.
3. You Market to Children
Your responsibility is particularly serious if your website attracts or markets specifically to children. Data collected from users under the age of 13 is subject to federal legislation implemented to protect them and their interests.
4. It’s About Trust
At the end of the day, maintaining trust with your users is what will keep you in business. In the world of online business, your customers rarely have voice-to-voice or face-to-face contact with a real person who works for your business. Your trust is built almost entirely on the promises you make through the text and images on your site, and how well you keep those promises.
Regardless of whether it is a legal requirement, being upfront about how you handle user data is one way to develop long-lasting customer relationships.
If you run a site that has regular users who may need time to transition off of your site if they do not agree to your new policy, you should offer them the courtesy of advance notice of at least a couple of weeks.
Notice may or may not be legally required, but it is a great way to develop trust with your customers.
You can also create a blog post or addition to your site’s news section. Place a banner on your site’s home page and/or a pop-up that lets people know about the new policy before they begin to interact with the site. That way, they have the opportunity to leave if they find the changes unacceptable.
4. Why Is Everyone Updating Their Privacy Policies?
While privacy laws have been around for decades, the introduction of legislation like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) has ushered in a new privacy landscape. With growing public concern over user data and data hacking on the rise, laws are being passed around the world every year to better regulate digital data handling.
So, why exactly is everyone updating their privacy policies year after year? In short, they have to — and you probably do too.
| Law/Regulation Name | Effective Date | Summary |
|---|---|---|
| GDPR | May 25, 2018 | The GDPR is a European data protection law designed to give individuals more control over their personal information, and the opportunity to interact safely with online platforms. |
| CCPA | January 1, 2020 | The CCPA outlines new standards for data collection, new consequences for businesses that fail to protect user data, and new rights that California consumers can exercise over their data. |
| ePrivacy Regulation | TBD | The regulation seeks to set privacy standards regarding electronic communications – and the metadata associated with the electronic communications – of European citizens. |