Privacy policies can be intimidating if you have an online business. While they can protect you and your company from legal liability related to privacy breaches, they can be rather confusing with their legal jargon.
Are You Collecting Personal Data?
According to CalOPPA, there are two types of data collection of interest: the collection of direct and indirect data.
Collecting Personal Data Directly
If you collect personal data from your visitors, this is considered direct data collection. This could be as innocent as collecting e-mail addresses for your monthly newsletter, having customers fill out an online form, or creating a customer login that requires a username and password.
Collecting Personal Data Indirectly
Indirect data collection happens when a third party collects the data. These third parties could include apps or plug-ins that you use to maintain your website. Indirect data collection can also happen when your site's visitors have their data collected by cookies or electronic data miners.
It's possible that you aren't even aware that your online presence is indirectly collecting data. It's important to protect your business against this possibility.
What Is Considered Personal Data?
Depending on where your business is located in the world, the laws may define personal data differently. For example, the U.S. and the U.K. have slightly different personal data collection laws. While they offer similar protections to their citizens, they differ in how they define personal data.
There are currently no federal privacy protection laws governing companies' collection of online data. However, many states have enacted privacy laws to govern companies within their jurisdictions or to protect residents within their borders.
CalOPPA defines the collection of personally identifiable information (PII) as any of the following:
- First and last names
- Physical addresses that include street names and the town or city
- E-mail addresses
- Phone numbers
- Social Security numbers
CalOPPA also regulates any other PII that could be used to identify someone online or in-person in conjunction with the above PII data. Examples of other identifiers may include:
- Shopping cart data
- Online activity
- User preferences
- Data from online forms
- Security answers
How likely is it that your website collects personal data?
According to the Federal Trade Commission (FTC), in 1998, 92% of surveyed commercial websites collected personal data, with only 14% providing any notice about their data collection practices. In the decades since, more websites have posted privacy policies, particularly after the 2004 enactment of CalOPPA.
In 2017, as many as 79% of websites used trackers to collect user data (such as shopping preferences) to provide targeted ads. This doesn't include the many other ways websites can collect personal data.
So far, so good. But to be certain, here are a few questions to consider:
- Do you use Google Analytics?
- Do you have a blog?
- Do you use Google AdSense?
- Is your site hosted by WordPress or any other platform that allows users to create accounts and post comments?
Lawsuits for Personal Data Collection
In the past several years, there have been lawsuits aimed at big corporations such as Google and Facebook for their data collection practices. In early 2022, Meta, Facebook's parent company, settled a data privacy lawsuit for $90 million. Filed in 2012, this was the longest-running data privacy suit in the U.S.
In 2021, Google was sued for $5 billion in a class-action lawsuit aimed at the tracking of "private" internet use in its Incognito mode. Google failed to kill the suit in 2022 and it is currently ongoing.
But it's not just big corporations at risk of lawsuits for the covert collection of personal data — these are just the stories that make headlines.
Fines for the Collection of Personal Data
You are more likely to be slapped with hefty compliance fines from data protection regulators.
For example, intentional violations of the CCPA are fined at $7,500 per event, which can add up quickly if you have many users. Unintentional violations of the act are $2,500 per event. Generally, the CCPA considers an event unintentional if there were mostly adequate protection measures in place at the time.
However, if the CCPA fines you, it opens the door for a class-action lawsuit if your customers band together to file suit after your fine. This could result in another potentially devastating economic hit to your business.
- What personal information you will collect
- How you will use the collected personal information, such as for shipping information, customer service, or general communication
- Whether third parties collect personal data and the details associated with its usage
- Whether your company shares your data with affiliated companies or others
- How you will keep the data secure
Enzuzo is easy to work with and install, and integrates into popular platforms like Wix, WordPress, Shopify, and more. We stay up to date on regulations and will keep your website, app, or e-commerce store always in compliance. Our team of experts is always available to tackle your website's privacy concerns and help you protect your brand and your customers.