- Types of personally identifiable information you gather from your web visitors (such as name, email, address, telephone number, Social Security number, and IP address);
- How the information is shared with other parties, if any;
- How to change or delete the web visitor’s data; and
- The policy’s effective date and the last time changes were made.
2. The Children’s Online Privacy Protection Act (COPPA). This is a U.S. law which states that if you direct your website to children under the age of 13, there are many procedures you must have in place to protect them (including obtaining verifiable parental consent, among others). This law is administered and enforced by the U.S. Federal Trade Commission. If you have a website or app for kids, you need to get on this.
If you are a U.S. company, the U.S. Commerce Department has a “Safe Harbor Framework” under which you self-certify that you transfer personal data out of the EU in compliance with EU law; the framework includes example privacy policies. Note that the Court of Justice of the EU invalidated Safe Harbor in October 2015, so check which EU-U.S. transfer mechanism is currently valid before relying on it.
4. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). This requires that businesses obtain people’s consent before collecting personal data, and that they explain why they need the information, what it will be used for, and whether any third parties will have access to it. Similar to the EU, it requires that Canadian residents be notified if their information will be taken out of the country.
5. Health Insurance Portability and Accountability Act (HIPAA). If you have a business that collects health information from U.S. residents, you will need to comply with HIPAA, as well as other similar rules specific to your jurisdiction. For example, you will need to use systems that meet the administrative, physical, and technical safeguards of the HIPAA Security Rule, and you will need stricter internal procedures to protect that health data. If you are collecting health information and/or working in a healthcare field, you need expert advice about how to collect and maintain that information.
Would you like to discuss specifics for your business? Let’s chat!