Each country has a different set of privacy laws and regulations that govern the storing and use of personal information.
Here are two examples from two very different places:
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act, or CCPA, is a law made to strengthen privacy laws and protect consumers who are residents of the state of California.
The law applies to a business that meets any of these criteria:
- makes a gross annual income exceeding 25 million dollars;
- purchases and/or trades information from at least 50,000 consumers; or
- earns 50% of its annual income from selling consumer information.
If a business meets any of these criteria, it must comply with the following:
- create processes to acquire parental consent for consumers under 13 years, and affirmative consent for consumers from 13 to 16 years;
- include a “Don’t Sell My Personal Information” link on the business website’s home page;
- provide ways to submit requests to access data, including at least a toll-free phone number;
- make updates on privacy policies when new information is required, with an explanation of California residents’ rights; and
- avoid asking for consent to opt in within a year (12 months) after a Californian decides to opt out.
If a business does not comply, then damages and fines apply that range from $100.00 to $7,500.00 for every violation or incident.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation is a legal act made for the movement and protection of personal information in and out of the European Union and the European Economic Area. It represents a fundamental shift in how the use of personal information is regulated. This regulation was made in response to the increased use of sensitive personal data online and to ensure that companies have lawful grounds to acquire this type of information and that it is protected with utmost security.
The use of personal data must follow all six general principles:
- Data collection must be fair, for a legal purpose, and open and transparent about how the data will be used.
- It can only be collected for a specific purpose.
- The data collected must be necessary and not excessive for its purpose.
- It must be accurate and kept up to date.
- Data should not be stored any longer than necessary.
- Data must be kept safe and secure.
Penalties for violations of the GDPR span from a written warning for unintentional violations to fines ranging from €10 million to €20 million, depending upon the gravity of the offense.
Privacy policies are a means to protect your information from companies that have the capability to abuse it. It pays to be vigilant and cautious when putting data on the internet. Remember, the protection of your personal information starts with you.
Svethlana Milanes, ABComm
Disclaimer. The material in this post represents general information only and should not be taken to be legal advice.