Update Your Privacy Policy Now to Avoid Costly Penalties

In All, Data Protection, Technology by lowndestech

By: Melody Lynch

Sweeping consumer privacy law changes are moving quickly through the Florida legislature. Covered private businesses should act now to bring their privacy policies into compliance with the anticipated new requirements.

Below is a checklist of the top things that companies should incorporate into their privacy policies regarding to consumer data collection and selling practices.

5 Must-Haves for Your Privacy Policy:

  • Florida-specific consumer privacy rights;
  • Categories of personal information collected by the company;
  • Categories of personal information that the company sells or discloses to third parties;
    • The privacy policy should include the ability for consumers to “opt-out” of the sale or disclosure to third parties.
    • If none, the privacy policy should specify that no personal information is sold or disclosed.
  • Categories of personal information the company shares or discloses for a business purpose;
    • For example, what are the reasons the company uses personal information from consumers?
    • If none, the privacy policy should specify; and
  • Categories of third parties who receive the collected information from the company.

If your company sells consumer data to third parties, you must have a link on your privacy policy and/or website that permits consumers to “opt-out.” It must also allow them to select “do not sell or share my personal information” with third parties.

Consumers may request a free copy of their personal information collected by the company up to twice a year. Companies must provide consumers with two different ways to access this information, such as through a link from the privacy policy and by calling a central number and making a request.

Additionally, the privacy policy should give consumers a link to request deletion of their personal information or to request a correction for data that is incorrect.

Data in your company’s possession should be secured through encryption or modification which removes identifying elements of an individual consumer’s personal information and presents the data in the aggregate or in an otherwise unusable format. Once you no longer need the data, delete it!

Privacy policies should be updated at least every 12 months and must be available on your company’s website.

Additionally, retention schedules must be in place regarding the use and retention of personal information after the initial reason for collection has passed.

Non-Florida businesses should pay attention to announcements in their home states since more and more are passing similar legislation.

For more information about Florida’s privacy bill, tune into Florida Privacy Bill and Your Consumer Data [Lowndes Legal Talk].