One of the bigger issues facing both companies and their customers (and even potential customers) today is the collection, retention, and possible dissemination of information and other data through websites (and apps). The type of information collected through websites that has garnered the most attention is personal information (any information about an individual, including name, address, e-mail address, phone number, social security number, and date of birth) and more technical data such as usage (how and when customers access/use the website), analytics, and cookies (to track computer settings, IP addresses, browser type, time, etc.).
Most of these laws or proposed laws grant similar rights to the consumers and have similar requirements on the businesses. Consumers are often given the right to know what personal information is being collected about them, to know if that information is going to be sold and, most importantly, to control and limit the disclosure and sale of their information to third parties.
With regards to requirements on the businesses, these laws generally apply to businesses that fall into specific categories (for example, the size of the company or amount of annual revenue). If a company falls into any of the specific categories within the law, the company must implement practices to protect the consumer data they collect and implement procedures to allow consumers the ability to recover their personal information and stop the sale of their personal information to others. Depending on the state, these data privacy laws may require businesses to permit consumers to request access to their stored data, restrict the sale of data to others, and provide safeguards to protect the security, confidentiality, and integrity of their customer data.
It is also important to note that, since these data privacy laws apply to residents of the state, if your company has customers who are residents of that state or if you do business in that state, you are required to comply with that state’s data privacy laws no matter where you are located. Furthermore, a violation of the state data privacy laws usually subjects the company to potential fines, and often the fines can be levied per violation.
Ashley Oblinger is an attorney in the law firm of Weissmann Zucker Euster Morochnik & Garber P.C. in Atlanta, Georgia. Ashley specializes in business law and self-storage law, advising self-storage facilities throughout the country on all legal matters, including lease preparation, lien enforcement, tenant issues, tenant claims defense, and employment policies. He can be reached at (404) 760-7434 or Ashley@wzlegal.com.