Many countries have comprehensive national privacy protection statutes that regulate how companies handle personal data. In the United States, privacy regulation does not only occur at the federal level. Instead, each state and every regulated industry has its own policies and procedures relating to collection and use of a users personal information or data.
If you’re not clear on whether your company’s actions will subject you to privacy regulation, read our previous article, Privacy Policies: Is your startup required to use one? You should also consult with an experienced privacy lawyer if you have any questions or doubts.
Here are some important tips for using policies in your startup:
- Always provide users with complete and fair disclosures regarding your company’s collection, storage, use, and sharing of any personal information. It’s true that most people don’t even bother to read the fine print when they visit a website, sign up for a service, or download an app. But that doesn’t mean you should act nefariously. Be honest with your users and build trust. Your company’s transparency and honesty will pay back in spades over time and is the best type of PR you can develop.
- Follow any special laws regarding children under 13 years of age. Laws around children’s privacy are set forth in the Children’s Online Privacy Protection Act (or COPPA). COPPA can apply to your company, even if your site or mobile app does not target children.
- Be aware of special rules regarding highly regulated industries, such as healthcare and financial services or banking. These industries have been highly scrutinized in courts and are typically held to higher standards of care when it comes to collecting, using, and handling personal information of their customers. It’s advisable to speak with a highly experienced privacy lawyer if your company’s service offerings are in a highly regulated industry. Non-compliance may lead to civil and criminal prosecution.
Companies tend to have a lot of freedom when it comes to how they collect, buy, sell, use, and exploit a user’s personal data. Subscribe to privacy alerts so that you’re aware of legal developments in your country, state, or industry.