If you were subscribed to any newsletters back in May 2018, you probably noticed that every other email (or maybe even all of them) was suddenly letting you know about an updated privacy policy. There was a very good reason for this: on 25 May 2018 the European Union’s General Data Protection Regulation (GDPR) came into effect.
It was around that time, too, that you may have noticed more websites requiring you to consent to their use of cookies. While it’s easy to assume that you’re fine as long as you don’t live in a country in the European Union, that’s not necessarily the case.
If you process the personal data of people in the European Union (for example, by collecting email signups or accepting comments on your website) or sell goods or services to them, the GDPR applies to you regardless of where you live or where your business is situated.
What privacy policies protect
Most privacy laws protect the privacy of consumers online, and that includes their Personally Identifiable Information. Personally Identifiable Information (PII), also called personal data, is any information that could identify a specific person and includes:
- Email address
- Telephone number
- Physical address
- IP address
Some of the major privacy laws and acts
It’s not just Europe that takes privacy seriously. Many other countries have major privacy laws that you need to comply with, or you could potentially face large fines for failing to do so.
The United States federal government has not passed a general privacy law, so many individual states have enacted their own. In 2023 two new privacy laws will come into effect: the Colorado Privacy Act and the Virginia Consumer Data Protection Act. You can find more information on proposed privacy bills in the United States at the Termageddon website.
- California Online Privacy and Protection Act of 2003 (CalOPPA)
- California Consumer Privacy Act (CCPA)
- Nevada Revised Statutes Chapter 603A
- Delaware Online Privacy and Protection Act (DOPPA)
- General Data Protection Regulation (GDPR)
- United Kingdom’s Data Protection Act 2018 (UK DPA 2018)
- Australian Privacy Act 1988
- Personal Information Protection and Electronic Documents Act (PIPEDA)
That’s a lot to take in, especially if you offer your goods or services worldwide and need to take into account more than one country’s privacy regulations.
Penalties for not complying with privacy laws
Regarding the CalOPPA legislation, the California Attorney General can impose a penalty of $2,500 per violation for failure to comply with this law. In this case, “per violation” means per website visitor from California.
Fines for not complying with the CCPA are $2,500 per violation or $7,500 per intentional violation. “Per violation” means per consumer whose privacy rights you infringed upon. The CCPA also allows individuals to sue a business for breaches in the privacy
Under Nevada Revised Statutes Chapter 603A, penalties of up to $5,000 per violation can be imposed. Here, too, “per violation” means per website visitor whose privacy rights have been infringed upon.
In the case of the Delaware Online Privacy and Protection Act (DOPPA), the Attorney General of Delaware can impose a penalty of $2,500 per violation for failure to comply. In this case, “per violation” means per website visitor from Delaware.
GDPR is one of the most heavily enforced privacy laws in the world, with heavy fines levied. For less severe violations of GDPR, businesses can be fined up to €10,000,000 or up to 2% of annual turnover, whichever is higher. Especially severe violations can mean fines of up to €20,000,000 or up to 4% of annual turnover, whichever is higher.
The Australian Privacy Act 1988 allows penalties of up to AUD $2,100,000 for serious or repeated breaches of the act.
Failure to comply with Canada’s PIPEDA can lead to fines of up to $100,000 (CAD) for each violation.
How to protect your business
There are many places online that will help you with privacy policies. Some are free, some require a one-time payment, and some, like Termageddon, require a yearly payment. The problem with free templates is that they are often not customized to your exact requirements. Similarly, one-time-payment templates may not be current, may not cover all the privacy laws you need to comply with, or may soon become outdated.
Many larger companies with the budget to do so engage an attorney to write their policies, but this is often too expensive for smaller companies to contemplate. Termageddon’s policies have been written and reviewed by contracts and technology attorneys, so you know that you are getting the best of both worlds – comprehensive policies at an affordable price.
I am a reseller and an affiliate for Termageddon, which means that if you click on a link to Termageddon (that link just there) I may receive a small commission from any purchase you make with them, at no extra cost to you.
For those who prefer to leave all the technical side of websites to someone else, I can assist you by purchasing a license to use Termageddon’s policies on your website and installing it on your website for you.