Your Company’s website looks great, but are you aware of the hidden dangers?

Your Company’s website…

If you are a member of a company in any industry, you likely have an online presence. The value and positive impact of a commercial website is critical and necessary today. Your website represents you, putting forward the image you want customers and employees to have of your company. You may have spent a great deal of time and money making sure it looks and functions just the way you want. Even so, you may still be at risk for fines and lawsuits with respect to the treatment of your site visitor’s data. This is where compliance and privacy policies and procedures come into play.

A visitor clicking on your company’s website may seem no different from a customer coming into browse your company’s store, but there are significant differences and hidden computer functions that you need to keep in mind to stay ahead of applicable law and policy. For example, by the time the visitor reaches your website, countless amounts of data about that individual have been collected by their browser, other sites the person visited, and even their internet carrier. However, once the visitor accesses your site, the collection and handling of data that occurs on your page is your responsibility. So, now that you know there are rules to follow, what are the rules and where are they found? Well, that is where the confusion starts. The rules you will need to follow are a patchwork of federal and state law, and the technology is ever changing.

Contrary to popular belief, there is currently no Federal law specifically directing companies on privacy policy for their websites. Instead, the main federal direction comes from the Federal Trade Commission’s prohibitions, such as those against deceptive covertly gathering information and disseminating it, or restrictions on collecting information on children under 13 years of age under the Children’s Online Privacy Protection Rules (“COPPA”). Other federal regulations apply to specific industries, such as medicine and financial institutions.

State law in this area is still relatively new but quickly developing. The two major laws now in place regarding the collection of private information are the Virginia Consumer Data Protection Act (“VCDPA”) and California Consumer Privacy Act (“CCPA”), with the latter’s being the most inclusive. For this reason, most developers and compliance departments will use the CCPA as an example for their websites to follow. The CCPA gives your consumers several rights such as the right to know what information is collected from them and how it is used, that they can delete the information collected, and that they can opt out of the sale of the information. To add more confusion, the CCPA also limits its application and provides exclusions. Other state laws are also coming, and with the global reach of the internet every company must remain diligent in staying compliant.

Federal and state guidance meet at the idea that you should let your consumer know that you are collecting information from them, what you are collecting from them, and what you do with it. Clearly, any company with a website should have in place a sound privacy policy that informs the consumer in accordance with their rights and provides them the opportunity to decide if they wish to continue with your website. The informed consent of your consumer will be your best defense in most situations you will face regarding private information, so you must be sure to inform the consumer accurately and fully. Don’t forget to consider your site’s cookies, promotional communications, third parties who have access to your data, and data security.

As with any business act, your company’s credibility is on the line, so be sure your policy doesn’t over-promise what you cannot deliver. For example, although you will no doubt take steps to protect your visitor’s information, you simply cannot guarantee their personal information will be safe. Your policy should also be written in a manner to allow for business needs and changes; If you state you will not sell your visitor’s personal information, you will need their consent to pass it over in the event you sell your company. However, with proper planning you can inform and receive consent in advance, saving you time and money down the road.

Finally, if your company does not have an online presence, it should, and now more than ever companies have multiple options available that fit any budget and need. By planning your online presence with proper counsel, you can save time and money by confirming compliance with the applicable rules and regulations, all while ensuring any risks involved are far outweighed by the benefits your company can receive. If you need help creating and implementing a privacy policy and ensuring what you have in place is and remains compliant, Setliff Law can help.

For more information, contact Michael Jacquez (mjacquez@setlifflaw.com) at 804-377-1261 or Steve Setliff (ssetliff@setlifflaw.com) at 804-377-1261.