Digital Marketing: Is Your Website Data Collection Practice Compliant?
Have you taken a complete account of your website? Checked for security, corrected wording, and even ensured that you were in compliance with ADA. Have you thought about your digital marketing and the data you collect to ensure that you attract the right customers, use the right keywords, get found on search engines, and even learn what part of your website outperforms others? If not, you may discover that you are not in compliance with the revised data collection practice policies required by law. Your website could be missing a Cookie Collection opt-in and opt-out option, a CA Privacy Policy disclosure, and a General Privacy Policy. That can mean potential fines for failing to have website data compliance policies in place.
Q: Wondering if your business needs to implement these disclosures on your website?
A: The answer is yes.
A compliant privacy policy on your site is often required by law. Most states require you to have published privacy policies if you collect personal data. The need to notify website visitors about their options and how data you store is processed is a best practice standard. Even if your website is not directly or substantially generating income from data processing, if any data is collected using cookies (e.g., Google analytics, thermal tracking, form data, geolocation, demographics, and user experience information, among others), then you should have a cookie and privacy policy on your website.
Q: Does California have an additional policy for businesses located or doing business in that state?
A: The answer is yes.
The California attorney general has implemented the strictest data collection policy in the US.
California covers 11 identifiers, making it the most specific data collection policy. Those areas consist of the following:
- Personal information as defined in the California Customer Records Statute Section 1798.80
- Characteristics of protected classifications under California or federal law
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric information
- Internet or other electronic network activity information includes browsing history, search history, and information regarding a consumer’s interaction with an internet website application or advertisement.
- Geolocation data
- Audio, electronic, visual, thermal, olfactory, or similar information
- Professional or employment-related information
- Education information is defined as information that is not publicly available, personally identifiable information as described in the Family Educational Rights and Privacy Act (20 USC Sec. 1232g; 34 CFR Part 99).
- Inferences are drawn from personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- Sensitive personal information
The California Consumer Privacy Act of 2018 (CCPA) was created to give consumers control over what personal information is shared when businesses collect it. Deciphering what is considered personal information versus what is not can be time-consuming. This is why having a compliance policy in place, giving the option to the consumer on what they share, is the best way to provide the consumer with control over their data.
Q: How do I make sure I do not get fined?
A: The answer is to apply a website compliance policy and give your customers control over the data you collect.
Only a lawyer can advise on specific guidance related to law. Our team cannot provide legal advice or guarantee privacy compliance with any regulation or regulatory agency; however, ensuring that users are informed about your organization and how they can contact you, how their data is processed, their rights to their data, and their consent choices, is crucial. Putting the consumer in control of their data is the best step.
In addition, ensuring that you are only collecting the most necessary data for the intended purpose is essential. It is crucial to keep data secure and stored only as long as you need it to fulfill its purpose.
A privacy policy outlining all of this, along with a consent platform for their data collection, will help you not only obtain and store information per best practices but also help ensure that you are doing your due diligence to keep your customers up to date with data usage and how to contact you, is the best first step!
Have questions? Are you ready to get your website compliant? Contact us today, and let’s get started because digital marketing services are much more than SEO. They cover every facet of your digital presence.
References:
California Consumer Privacy Act of 2018 – Full Text. https://cdp.cooley.com/ccpa-2018/
California AG Interprets “Inferences” Under CCPA. https://www.crowelldatalaw.com/2022/05/california-ag-interprets-inferences-under-ccpa/
California Consumer Privacy Act (CCPA) | State of California …. https://www.oag.ca.gov/privacy/ccpa
The eGlobal Web Solutions team is not certified Auditors. Thus our recommendations will be based on best practices by evaluating your risks and the findings per the automated and manual reviews completed. The solutions offered by eGlobal Web Solutions on your website related to data compliance are NOT intended to be legal advice. If hired, all steps will be taken to cover what was discussed in the proposal; however, eGlobal Web Solutions cannot be held liable for lawsuits arising from complaints, loss of income, or any other circumstances.