GDPR, CCPA, CalOPPA oh my!
More and more countries and states have implemented data privacy laws, and they are all a little different. If you collect any information on your site (yes, that newsletter form counts) then you need to be aware of these and make sure you are complying, because a lot of these laws have penalties attached to them if you don’t.
Back in 2018, I spent months poring over GDPR requirements for one of my clients. What constituted Personally Identifiable Information? What is considered consent to market? Did my client need a Data Privacy Officer? What kind of cookies are covered? How do we turn them off if people opt out? I was practically an expert by the time GDPR came into effect.
At the same time I was doing this for her, I was checking my own site and telling my other clients that they needed to check theirs. It seemed silly at the time that some complicated new law in the EU, which no one was even sure could be enforced, would have implications for their sites. Most of them didn’t even do business with citizens of the EU.
But I could see the writing on the wall. It wasn’t just the EU. Canada already had a version of data privacy laws in effect, and they had expressed that they would be updating them to better reflect the way websites were operating and protect consumers. Since the GDPR, more countries and several states have enacted data privacy laws. California, Nevada, and Delaware have the strongest of these. In the US, there are 23 state privacy bills (and more are expected).
You’ve probably noticed a lot of companies and websites have been notifying you that they have updated their privacy policies…there is a reason.
Several privacy laws are now in place to protect the personal information of residents of certain states, with fines that can reach $2,500-$7,500 per website visitor. Examples of collecting personal information include asking for a name and email on a contact form or using a website analytics tool (like Google Analytics). It’s easy to think that if your website or business is small, these laws won’t apply to you. Let me use California’s privacy law as an example. It applies to a business that meets any of the following:
- Has gross annual revenue exceeding $25 million
- Annually processes the personal information of 50,000 or more California consumers
- Earns more than half of their annual revenue by selling personal information
The reason that matters is that the definition of PII is broad enough that an IP address could count (page views, anyone?). It’s easy to collect 50,000 IP addresses from California in one year.
While you might not be collecting data and selling it to other companies (looking at you, Facebook), I’m sure you are collecting emails for your list. These data privacy laws are designed to protect the citizens of these places. It doesn’t matter that you don’t live in the EU or California or Nevada. These regulations could still apply.
What can you do to get protected?
Enter Termageddon. Now, Termageddon isn’t the only place to get privacy policies or terms of service. In fact, I used a different company for a long time. But then I found Termageddon. They will automatically update your website policies when the laws change (as well as notify you when changes are coming). One of the things that I really loved about Termageddon was that their generators walk you through the process step by step and they have little buttons to click to find out more about the question if you are unsure if it applies to you. I was surprised to find that a few things I didn’t think had applied to me actually did.
If you’d like to learn more about Termageddon, data privacy, and how to make sure you are covered, I have some resources below. (No email needed.)
First is the Small Business Guide to Privacy, which goes over data privacy and privacy best practices. The second is a 90-second video (see below) that explains a bit about what’s happening with privacy laws in the US and how Termageddon can help.
I reached out to Termageddon.
They were nice enough to give me a promo code for my clients and readers to use to save a little extra money (10% off their first-year payment). They also offered to personally take my clients through the setup process to ensure they’re protected.
As I said above, even if you choose not to use Termageddon or use my link, I encourage you to check out the Small Business Guide to Privacy and to consider your own Privacy Policies, Terms of Service, and Disclaimers. If you’d like to see an example, you can check out my own using the links at the bottom of the site. If you have questions or want to know more, feel free to get in touch. I’m happy to help.