Depending on the size of your business, what you do, and how you do it, you may face many state and federal laws and regulations concerning privacy and the consequences of specific data being stolen. Our friends at Focus Law LA will tell you that you must address these issues whether you are facing legal mandates or not because a breach or loss of information could severely damage your business, clients, customers, and contractors.
This area of law constantly evolves as security threats grow and change. States are not waiting for Congress or federal agencies to act on these issues. Several have their own set of privacy and security laws.
Does Your Business Use Or Possess Sensitive Data?
This includes information related to biometrics, geolocation, consumer health, or children. If so, you may need to offer opt-in consent or specific notices to those affected. Some state laws require consent before you can process sensitive personal data in given circumstances and that you assess your data protection measures.
Do You Use Targeted Advertising, Third-Party Pixels, Or Cookies?
They are:
- Targeted advertising: Online advertising focuses on a consumer’s interests, traits, and preferences. This information is developed by tracking individuals’ internet activity
- Third-party pixels: Tiny images sending data to a third-party server when they’re loaded on a web page
- Cookies: These data bits are sent to and from your web browser to identify you. When you use a website for the first time, a cookie is created and placed on your device. Cookies are used to try to determine your preferences for what you want to see, read, or buy
If your company uses these tools, you may have state privacy laws to contend with, including giving users opt-out options and ensuring your privacy notices are consistent with your practices. Federal agencies have warned entities involved in healthcare that using these tracking tools poses privacy and security risks.
Do You Use Automated Processing Or Decision Making?
If so, be aware of unintended consequences. You must closely review it if you’re processing personal data to evaluate, analyze, or predict a consumer’s actions or preferences. You must ensure it operates fairly, including providing adequate notices to consumers, given how and when people enroll in the system, and see if the results could show illegal bias against certain groups. State privacy laws may require you to give consumers the choice of opting out of automated processing.
Using artificial intelligence to select job or promotion applicants could be illegal if it results in discriminatory employment actions.
Do You Make Calls Or Send Text Messages Through An Automated Dialing System Or Use An Artificial Or Prerecorded Voice?
If so, you must comply with the federal Telephone Consumer Protection Act. It restricts some calls to wireless and residential telephone numbers without the prior, express consent of the party being contacted or for an emergency. Some calls are exempted from these restrictions. A new federal rule is meant to limit their uses by lead-generating companies. The Federal Communications Commission enforces the law and allows for private causes of legal action.
What Notices Will You Need To Make If There’s A Breach In Security?
All states, Puerto Rico, the District of Columbia, and the Virgin Islands have laws requiring notification of personal information security breaches. A corporate transaction lawyer will tell you that other laws or regulations may apply depending on the type of information involved. If the breach harms another, and they can show your company’s negligence caused it, you may be sued to recover their losses.