Have you ever taken a second to look around and notice your surroundings? How many people can you spot immersed in their mobile devices, tablets, or laptops? While you’re at it, go ahead and count yourself, because you’re currently reading this article using one of those devices. Technology has become such an integral part of our daily lives that the average person spends roughly seven hours looking at a screen each day. What you may not realize is that the amount of personal information collected, and even stored, during that screen time is approximately 2.5 quintillion bytes. That’s a lot of your personal data, and you may not know how or for what purpose it is being used.
Currently, the United States does not have any uniform data privacy laws. Instead, numerous federal laws govern data privacy within specific industry sectors, but no significant piece of federal legislation encapsulates this area as a whole. Meanwhile, there has been a steady rise in state privacy legislation enacted within the past two decades. The most notable is the California Consumer Privacy Act (CCPA), which has been the catalyst for other states to enact their own privacy laws. With new and emergent technologies being introduced into today’s society, and as we move further into the digital age, you can expect more and more states to follow suit with similar data privacy regulations.
Next, you will want to ensure that your policy aligns with the laws governing the dominant industry to which your organization belongs. For example, the policy would detail how your organization handles consumer financial PII if the company is within the financial industry, or how a consumer’s health information is secured if the company is within the health care industry. Most importantly, the policy should explain how the company remains in compliance with those respective bodies of law. Also, don’t forget about the regulations of the states where your company does business and where a substantial part of your consumer base resides (remember the CCPA, as previously discussed). Another notable law to keep in mind is the Children’s Online Privacy Protection Act, also known as COPPA. This legislation applies to websites and online services directed to children under the age of 13 that knowingly collect personal information from a child.
1. Bernard Chao, Privacy Losses as Wrongful Gains, 106 Iowa L. Rev. 555 (2020).