- Types of data collected -- name, date of birth, location, etc.
- How data is collected -- user entry, cookies, etc.
- How the data will be used -- marketing, usability, service functionality, etc.
- If the data will be shared or sold -- third-parties, partners, etc.
- How the data will be stored and protected -- service locality, encryption, etc.
- How to opt out and request deletion, including how to file requests and privacy questions.
- Date the policy comes into effect.
- Contact information for privacy-related requests.
- Other information that might be required according to the consumer's jurisdiction.

The United States currently has no federal laws that directly require or enforce privacy policies. The FTC (Federal Trade Commission) is promoting industry self-regulation and enforcement of current laws. Current U.S. laws mainly protect personal health information through HIPAA and children's privacy through COPPA (Children's Online Privacy Protection Act).
Several U.S. states have enacted laws protecting consumers' digital privacy. California has passed several such laws, such as the California Consumer Privacy Act (CCPA).
The European Union has passed many consumer data privacy laws, the most notable being the General Data Protection Regulation (GDPR). This protects all EU citizens, even if the business is not located in the EU. It strictly defines how companies collect and store data and includes fines for non-compliance.