Consumer Privacy Policies
May 16, 2018
Consumer Privacy Policies
As was mentioned in my previous blog, consumer intelligence and big data are hot commodities. And while thieves are regularly breaching company walls to steal electronic information, businesses are also taking advantage of the lucrative opportunity of sharing and selling consumer data. And in an extremely competitive environment, it is understandable that a business would do so, particularly considering it is perfectly legal.
And it was almost as if California foretold this reality with 2003 being a very good year for consumer data protection. In this year the “Shine-the-Light” law was enacted to require businesses to notify consumers how consumer information is shared with third party direct marketers.
And more relevant today than in 2003 when it was passed is the California Online Privacy Protection Act. This series of laws were directed at online retailers who necessarily collect more information about consumers than do most brick and mortar businesses.
These consumer protection laws arose out of concern about how businesses were using consumer data unbeknownst to the consumer. And in the 15 years that have elapsed since their inception, these laws have become commonplace which, unfortunately, can lead to complacency. And that is precisely why I am going to provide a refresher.
If a business has an existing business relationship with a consumer and in the previous year disclosed consumer information to a third party for marketing purposes, the business must disclose to the consumer, on request, the business to which the information was disclosed and the type of information that was disclosed. Disclosure is made by way of a sharing disclosure statement.
Any business with 20 or more employees that shares consumer information with third party marketers is advised to adhere to the requirements outlined in Shine-the-Light. A consumer who isn’t afforded the rights enumerated in Shine-the-Light may be entitled to attorneys’ fees as well as civil penalties up to $3,000.00.
California Online Privacy Protection Act
Categories of information collected
Process business has in place for consumers to view and change collected information
How the business responds to browser restrictions on the sharing of information about the consumer
Disclose whether other parties collect personally identifiable information
Policy effective date
Unfortunately for consumers, the Act does not provide penalties for non-compliance. However, businesses are not off the hook for violations. The California Attorney General maintains a Privacy Enforcement & Protection Unit responsible for enforcing state and federal privacy laws. In one such action, the Privacy Enforcement & Protection Unit engaged mobile application developers that did not provide proper privacy notices. Under threat of fine, developers were given 30 days to remediate the deficiency. This doesn’t necessarily provide relief for the consumer, but it does help enforce compliance which in the end is the purpose of the Act.
While it is unlikely that a single violation will muster the interest of the attorney general, businesses should always consider the goodwill engendered with consumers by being open and compliant. Privacy will continue to be at the forefront of consumer concerns and businesses that fail to recognize this will suffer. Don’t let your business’s reputation be that of one that fails to take consumer privacy seriously.