It's a statement that explains what kind of information you're collecting from your website visitors/app users, and what you actually do with that information.
You'll need to list all of the types of personal information that you collect like names, marital status, credit information, or IP addresses that show where your site visitors are located.
CalOPPA protects every consumer/website visitor/app user in the state. However, the power of this law doesn't end there. If you run a website that's visited by people who live in California -- even if you've never set foot in California -- you're bound by this law.
Here's what lawmakers in the Golden State say:
"CalOPPA applies to any person or entity that owns or operates a commercial website or online service that "collects and maintains personally identifiable information from a consumer residing in California who uses or visits" said website or online service. CalOPPA does not apply to Internet service providers or similar entities that transmit or store personally identifiable information for a third party."
In 2012, CalOPPA was expanded to include apps that California residents were downloading. The app providers were given 30 days to begin adhering to CalOPPA, and the ones who didn't were fined $2,500 each time their app was downloaded.
The Federal Trade Commission (FTC) has made consumer privacy a priority since the 1970s. These days, the FTC takes legal action against companies that do not adhere to their privacy policies by charging business owners under Section 5 of the FTC Act.
Thanks to Section 5, the FTC has broad powers. Specifically, it can investigate unfair and deceptive acts and practices in or affecting commerce. Since "unfair" and "deceptive" are such broad terms, the FTC can bring all kinds of charges against website operators that are allegedly trying to deceive their site visitors and customers.
For example, in 2017, VIZIO agreed to pay $2.2 million after the FTC and the State of New Jersey went after the television manufacturer for collecting data from 11 million smart TV users without their knowledge or consent. In addition to the settlement, VIZIO was ordered to delete all of the data it collected before March 1, 2016.
Furthermore, the Data Protection Act says that personal data cannot be transferred to any country or territory that does not fall under EU Directives, unless there is an "adequate protection for the rights and freedoms of data subjects" in the location in question.
In order to comply with a 2011 EU Directive, the UK created The Cookie Law, which gives website visitors a choice as to whether or not their personal data is collected. Even though it's named for cookies (the small data files that are placed on websites to collect visitors' information), the law also applies to Flash, HTML Local Storage, and other technologies that operate similarly to cookies.
The Personal Information Protection and Electronic Documents Act (PIPEDA) affects website and app owners.
However, PIPEDA only applies to organizations that are engaged in commercial activity. So if you run a non-profit or a charity group website, you won't need to worry about complying with it.
If you own a website in Australia, you're bound by The Privacy Act 1988. Under this law, personal information is defined as:
"Information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable."
The most common examples of this information are:
The Privacy Act contains 13 Australian Privacy Principles (APPs) that all government, private sector, and non-profit organizations have to follow. Included in these APPs are regulations that apply to how private information can be collected, used, and disclosed, how to make sure that the data is quality information, how people can access and correct their personal information, and how people have the right to act anonymously or under a pseudonym in certain situations.
In 2018, the General Data Protection Regulation (GDPR) went into effect. It has strict requirements for anyone who collects any personal data from individuals located in the EU.
Other areas include top or side menus or link lists.
The best tip we can offer is to make yours easy to understand and well-organized.
You can add a linked table of contents if you want, which helps readers navigate your Policy more easily. This is especially helpful if your Policy is very long.
Consider using bullet points, lists, and lots of separate headings to break up the Policy text.
Write short, easy-to-read paragraphs in simple, basic language.
For example, a Terms & Conditions page might forbid users from abusing the website in any way, or it may say that a user's account will be deactivated if he does anything to violate the website's copyright.
Unlike Privacy Policies, you're not legally required to put a Terms & Conditions page on your website/app, but it's a good idea to do so. That way, everyone will know exactly what's expected of them.
Just like a Terms & Conditions page, you're not required to have a Disclaimer page, but you may feel more comfortable having one.