Privacy Policies and Data Collection are a hot topic in the news. You may have already received emails from other businesses or organizations to your personal accounts letting you know that they have updated or posted their privacy policies. We are sending this communication to let you know of some recent WordPress updates related to this topic, offer some clarity on these laws, and let you know how we can partner with you to make updates to your site with regard to your business’s or organization’s Privacy Policy.
Is a Privacy Policy required?
The Privacy Policy agreement is the legal document or legal statement that discloses the important information to your users regarding use of their personal information:
- What personal information you collect from your users. Personal information can include any data that can be used to identify an individual, such as email addresses, mailing addresses, location data, or a user’s first and last name.
- Why you collect this personal information
- How you use this personal information and whether you allow any third parties to use the information
- If your site markets to or is directed toward children 13 years or under, then you have a responsibility to include specific details in your privacy policy per the Children’s Online Privacy Protection Act (COPPA).
This legal agreement is required by law in a number of countries.
- In the United States, the Federal Trade Commission (FTC) regulates provisions and sets forth guidelines and recommendations for how businesses can protect consumers’ privacy. The following list mentions some cases where posting a privacy policy may be required by law:
- If you are collecting personal information from any California residents, California state law requires you to post a privacy policy.
- If you process credit card transactions online, your credit card processor may require you to post a privacy policy as a part of your merchant agreement.
- If your website is directed towards children or collects personal data from children under the age of 13, federal law requires a privacy policy that follows strict guidelines.
- If your website is a financial institution (and this includes retail stores that extend credit to their customers), federal law requires you to post a privacy policy.
- If you are a health care or plan provider, such as a doctor or pharmacy, federal law requires you to post a privacy policy.
- In the European Union, the European Union’s General Data Protection Regulation (GDPR) took effect on May 25, 2018. It’s important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located.
You should consult with legal and other professional counsel regarding the full scope of your compliance obligations. Generally speaking, however, if you are an organization that is organized in the EU or one that is processing the personal data of EU citizens, the GDPR will apply to you. Even if all that you are doing is collecting or storing email addresses, if those email addresses belong to EU citizens, the GDPR likely applies to you.
- In the UK, the Data Protection Act of 1998 (DPA) governs laws on data privacy and data protection.
- In Canada, it’s PIPEDA.
- In Australia, it’s the Privacy Act.
Ask yourself these questions:
The first thing to do is to take time to understand the nature of the personal data and information you hold.
- What kind of data and information does your company create and collect?
- How do you use it all?
- With whom do you share it?
WordPress 4.9.6 Privacy & Maintenance Release
In light of recent policy changes in the European Union, WordPress has issued a release to assist website owners in complying with these new laws:
- Site owners can now designate a privacy policy page. WordPress has created a guide with a suggested template and language for this page to assist in getting started.
- Logged-out commenters will be given a choice on whether their name, email address, and website are saved in a cookie on their browser.
- Site owners can export a ZIP file containing a user’s personal data, using data gathered by WordPress and participating plugins. Site owners can also erase a user’s personal data.
Happy to help.
Although new EU policy took effect on May 25, we anticipate that there will be a grace period for businesses to post privacy policies, notify their subscribers, and become compliant with the law. If you believe you are impacted by GDPR or another U.S. regulation, please reach out to one of our team members or contact us now.
Call us at 636-946-3525 and/or email us to learn how we can help!