Author – Michelle Lagos
This answer begins with a series of simple questions:
Does your website collect visas? Forms? Personal information? Like subscribe options info while making appts.? Website or Google Analytic tracking?
Because of that, do you have a Private Policy page in your website that’s linked in an area where every viewer can easily see it? Like the footer?
If you don’t, you need to speak with your attorney and get that taken care of. We’re happy to get it placed correctly on your website when you do. Running any risks in a very sue-happy period of history, isn’t worth the risk, for the reasons stated below:
Why? There are global laws regarding how data is collected that must stay under the data compliance for the GDPR, CCPA, LGPD and other regulations that are typically applied state by state so making quick copies off the internet may not correctly apply to your business activities.
Here’s an Oregon example that occurred 2017 that’s was a state-wide decision in 2017:
On May 25, 2017, Oregon Governor Kate Brown signed into law H.B. 2090. This new law makes materially inaccurate claims related to the collection, use, disclosure, maintenance, and disposal of consumer data an unlawful trade practice subject to enforcement by the Attorney General. Ouch!
The law applies not only to claims made on websites (privacy policies come to mind), but also in consumer agreements (ISP and cloud hosting agreements). So, being clear and upfront of how information is used and stored isn’t an option anymore, just like being ADA Compliant isn’t either. (See the GLN ADA COMPLIANCE blog for more details).
Businesses typically/should review their standard contract forms on a regular basis during negotiations with customers and vendors. Those reviews provide an opportunity to identify claims related to data security that may no longer be accurate. But website privacy policies—rarely the subject of negotiation—are much more likely to be neglected for long periods of time. A best practice is to routinely review your contract forms and privacy policy to ensure they still accurately reflect how you collect, store, and use data. This “new-ish” Oregon law, is just one example of an extra incentive, to keep those contracts and policies up to date!