Data Privacy: Is Your Business in Compliance?
Data privacy is not data security. Understanding and implementing policies for both is a critical part of any business’s operations.
Data security addresses protecting stored and in-transit data from criminal hackers and cyber thieves. Data privacy, however, addresses how personal customer data will be used, if it will be shared, and the company’s disclosure of these policies.
Similarly, within the U.S., California passed the California Consumer Privacy Act (CCPA) in June 2018, which went into effect January 1, 2020. This new privacy law provides global protection for California residents. While different states have different privacy compliances, California’s is one of the most comprehensive. So, again, if you have customers who reside in California, your business must comply with these regulations even if your business is located elsewhere — including Pennsylvania. It’s a small web after all.
Nevada and Maine have passed laws that add to the CCPA. Among other requirements, Nevada’s law requires that a privacy policy must be posted on websites and Maine’s mandates fair and equal treatment of customers who choose to opt out.
Here are some tips to help protect your customer and your business:
Data security addresses protecting stored and in-transit data from criminal hackers and cyber thieves. Data privacy, however, addresses how personal customer data will be used, if it will be shared, and the company’s disclosure of these policies.
January 28 is National Data Privacy Day.
StaySafeOnline.org is hosting Data Privacy Day 2020: A Vision for the Future in San Francisco. It’s held every year to commemorate the 1981 ratification of the first international treaty that addressed privacy and personal data protection.Data privacy is a global issue.
The General Data Protection Regulation (GDPR) became law in May 2018. Its purpose is to provide global protection of private data for all citizens of the European Union (EU). So, while this applies to organizations within the EU, organizations that are physically located outside the EU must also abide by these rules for their EU customers.Similarly, within the U.S., California passed the California Consumer Privacy Act (CCPA) in June 2018, which went into effect January 1, 2020. This new privacy law provides global protection for California residents. While different states have different privacy compliances, California’s is one of the most comprehensive. So, again, if you have customers who reside in California, your business must comply with these regulations even if your business is located elsewhere — including Pennsylvania. It’s a small web after all.
Nevada and Maine have passed laws that add to the CCPA. Among other requirements, Nevada’s law requires that a privacy policy must be posted on websites and Maine’s mandates fair and equal treatment of customers who choose to opt out.
Here are some tips to help protect your customer and your business:
- Collect only the information you need. If you collect it, protect it. More data requires more protection and involves more risk.
- Post your privacy policy online to make it transparent and publicly accessible. Disclose to your customers how their personally identifiable information (PII) will be used and/or shared. PII includes your name; street, email, and/or IP addresses; date of birth; phone, credit card, driver’s license, and Social Security numbers; passport information; etc. The CCPA also categorized “inferences,” such as browsing history, online shopping selections, and social media posts, as protected data. If it can be used to build an individual’s profile, it’s private data.
- Inform customers. Many businesses use cookies for this purpose. If customers click to “accept cookies” when using your website, they are agreeing to allow you to track their page views so you can serve them more relevant marketing communications.
- Give customers a way to opt-out, and integrate a plan to segment those customers, so you abide by their requests.
- Educate your employees and limit access to personal data.
- Update your own privacy settings.