Personal data include names, addresses, card details, IP addresses, and cookies.
Often, your customers’ information is key to your business’ success. For example, it boosts marketing strategies by improving the personalization of email messages. What’s more, it helps weed out misinformed activity on the website.
But scammers nowadays collect data for fraudulent activities without users’ knowledge. Various countries treat privacy as a right and have enacted laws to safeguard the use of data.
These laws require you to disclose how you collect personal data, why you do so, and how you protect it. If you collect personal data without such disclosure, you’ve violated your customers’ privacy. In some cases, you may even be sued or arrested.
Privacy laws around the world
Countries around the world have their own privacy rules set by their laws. A privacy statement can act as a disclaimer on what you will be doing with users’ data. This way, it can prevent liabilities being charged against you, the website owner.
The US enacted the Children’s Online Privacy Protection Act (COPPA), which seeks to protect children ages 13 years old and below from websites that collect their information.
Online health and financial services are governed by the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), which protect consumers when they share health and financial information online.
There are also various state privacy acts in Alaska, Florida, Montana, and Washington.
Australia has the Australian Privacy Principles (APP), a set of 13 principles that apply when businesses and entities collect personal information. According to the APP, businesses should be transparent about how they collect personal information.
Users also have the right not to identify themselves when websites collect information; they can use pseudonyms when entering sensitive data.
Agencies should not collect more personal information than is necessary.
Likewise, an entity located outside Australia that does business with Australians and collects their sensitive information must follow the APP as well.
The European Union (EU) has the General Data Protection Regulation (GDPR), which regulates data protection for people living in the EU and the European Economic Area (EEA). The regulation also states how personal data transferred outside those borders is to be collected and used. GDPR governs the use of personal data and binds businesses whether they are based in the EU or not.
Businesses should also put measures in place to protect data. They must maintain those measures so that sensitive information stays out of public reach. All entities should abide by the regulation even if the individual consents to the use of their data, and the individual has the right to withdraw that consent at any time.
Entities that suffer a data leak should report it to the public within 72 hours, stating what went wrong and what was done to protect user privacy.
Violators can be fined €20 million or more.
The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how entities gather and use the sensitive information of Canadians. It consists of 10 principles, under which individuals have the right to give consent.
But which institutions are exempt from PIPEDA? The law exempts certain entities that do not engage in commercial activity: hospitals, academic institutions, and charities. These institutions abide by provincial law instead.
Some Canadian provinces, such as Quebec, Alberta, and British Columbia, don’t follow PIPEDA because they have their own privacy laws.
PIPEDA requires the user’s consent, letting them choose which information they want to share. Entities should also specify the purpose for which data is collected, such as sending newsletters, product offers, and general updates. Using data beyond the original agreement could mean a breach of privacy. Last, add a policy stating how the data is protected from fraud and theft.