Mannix Marketing is a Full Service Digital Marketing Agency. We are not lawyers and therefore advise you to consult a professional when exploring legal matters involving privacy and protection regulations. Our hope is to emphasize the importance of Data Privacy Regulations and urge your business to take action if you are not currently adhering to the specific guidelines that may apply to you. Business Data Privacy laws and regulations in the EU and the United States are subject to change. If any of the information in this blog applies to you, we suggest you consult a legal professional for legal advice and the most up to date information.
General Data Protection Regulation (GDPR):
What is General Data Protection Regulation? GDPR is an EU law covering data privacy and protection in the EU and European Economic Area and stands as an important factor of the overall EU privacy law and human right to privacy.
Does this apply to your business? Although this question is best answered through a consultation with a lawyer who specializes in matters of privacy and protection, here are some simple things to consider when determining if GDPR applies to you.
- Is it possible that someone in the EU could purchase or order an item from your business and send or deliver that item to a non-EU resident?
- Do you cater to clients or customers that reside in the EU?
- Does your organization use website tools that track cookies or IP addresses of website visitors regardless of their location?
If you answered yes to any of the above questions, it’s best to comply with GDPR. Even though you may be a non-EU organization, you still may be in a position where it is important to prioritize and implement EU privacy and protection regulations. Some exceptions exist for organizations with less than 250 employees.
Resources to learn more about EU GDPR:
As of now, there is no official principle that covers all aspects of data protection within the United States. Currently there are eight states with bills proposed for Data Privacy Protection, and five states with complete consumer data privacy laws. We want to emphasize that while there is a possibility the laws we are discussing currently do not apply to your business, there is a chance that they could be applicable to you in the future. Below we will mention the five states in the United States with data privacy laws that are effective or soon to be.
California Consumer Protection Act (CCPA):
What is the California Consumer Protection Act? The CCPA provides consumers with more control over the information businesses collect from them, while also giving guidelines to businesses about data collection transparency. The CCPA applies to for-profit businesses that do business in California and either have a gross annual revenue of over $25 million; buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or derive 50% or more of their annual revenue from selling California residents’ personal information.
Resource to learn more about CCPA:
Colorado Privacy Act (CPA):
The Colorado Privacy Act outlines consumer privacy rights as well as companies’ responsibilities in relation to personal data protection and additionally provides the Attorney General and district attorneys the power to enforce the law effective July 2023. This law will give residents the right to exclude themselves from targeted advertising, and the consumption and sale of personal data and information. If you have the potential to reach consumers in Colorado, these laws are applicable to your business.
Resource to learn more about CCPA:
Virginia Consumer Data Protection Act (VCDPA):
Made effective in January 2023, the Virginia Consumer Data Protection Act provides potential consumers the ability to ask that businesses delete their personal data. This law is applicable to non-governmental companies and businesses in Virginia that have access to data from over 100,000 consumers, or earn a large majority of their revenue through processing personal data or selling it to other businesses.
Resource to learn more about VCDPA:
The Connecticut Data Privacy Act (CTDPA)
The Connecticut Data Privacy Act protects the personal data of state residents as they shop or search on the internet or purchase in store. It establishes standards for how data can be controlled and processed by businesses. Residents can opt-out of their data being sold, can receive a copy of their data, can delete their data, and can rectify inaccurate data. If there’s a chance a Connecticut resident could end up on your website as a visitor or consumer, this applies to your business.
Resource to learn more about CTDPA:
The Utah Consumer Privacy Act (UCPA)
The Utah Consumer Privacy Act provides consumers with knowledge of the data being collected about them, how that data is utilized, and if that data has the potential to be sold to third parties. If it’s possible that someone from Utah could land on your website or purchase your products or services it is safest to ensure your business complies with these restrictions.
Resource to learn more about UCPA:
New York Shield Act:
The New York Shield Act requires businesses that collect personal data to take action in protecting that information with cyber security. Personal data in this case is considered to be private information such as a driver’s license number, social security, finance metrics, and login information. Shield covers some aspects of privacy that users have the right to but does not implement these rights to the same level and extent as regulation programs such as the CCPA and GDPR. Therefore, a New York Privacy Act has been proposed and is under review.
The Proposed New York Privacy Act (NYPA):
What is the New York Privacy Act? This act would build upon the framework of the New York Shield Act by enforcing that businesses like yours provide consumers with a deeper understanding as to why data is collected, what data is collected, and what it will be utilized for. The law will make it easier for people in New York to have agency in giving businesses information by enforcing that businesses provide consumers “opt in” or “opt out” consent of their data. This law, if passed, would apply to businesses that conduct business in New York or specifically target New York consumers in their business objective.
It is hard to determine whether or not the NYPA will be passed but as it is in the works, it’s always good to start learning ways to make the data your business collects be more transparent, safe guarded, and protected for consumers.
Read the learn more about New York Data Privacy Laws:
Speak With Data Privacy Regulation Experts
We highly suggest you consider the ways that these laws and regulations currently or in the future could impact your business. Our best advice as always is to work internally within your company to evaluate your current state and bring in a lawyer for a more in-depth discussion on these matters. Although we are not legal experts and are not providing legal advice, after having a conversation with a lawyer, Mannix Marketing may be able to help you make changes to your website to better align with the plan of action decided upon by your team and legal professionals.