Website footer policy
Make sure that your link in the footer is obvious. Don’t try to hide it by putting it into small text or text that is difficult to read because the contrast level isn’t high enough. And be sure that it is visible on both desktop and mobile (if you’ve never optimized your site for mobile, now is the time! The good news is that optimizing the site will benefit your business overall, not just help you comply with privacy requirements). If you try to hide the ball with any of your required privacy disclosures, you may be committing a separate breach of privacy law by engaging in what is referred to as a “dark pattern.”
You may need to use “pop up” notices for some of your data collection practices. A pop up notice is often needed when you start doing something new or unexpected with data. Take for example a company that runs an app that helps people find coupons for restaurants or stores. Typically, the user types in the kind of coupon they are looking for and then can filter the results in multiple ways, including by city. However, the app also offers the option to turn on geolocation and get only those results within a certain radius of the user’s specific location. Specific geolocation information is considered sensitive personal data, and states will start requiring opt-in consent for sensitive personal information collection this year or otherwise regulate how it can be collected and used. This would be a situation where a pop up asking for the user to opt in to sharing their location would be appropriate. In addition to the general privacy notice, this enables you to meet the notice requirements for doing something that may be new or unexpected at the same time that it enables you to collect consent.
If your organization operates from brick-and-mortar storefronts or in other in-person locations, you may also need to provide on-site notices. At a storefront, a typical place for posting an on-site notice would include at the cash registers. This is usually an appropriate place because that is where most retailers collect personal information, including email addresses when customers sign up for rewards or other marketing promotions. Remember, no matter how you are collecting information, you need to give people notice at or before the point of collection.
Here is a hypothetical example (though you would need to customize it to reflect your situation):
In addition to signage directing consumers to your general policy, you may need additional signage if you are collecting sensitive information. Collecting video images via CCTV or other similar systems for security or other purposes does require prominent notice under privacy laws in the US. You should have visible signage informing consumers visiting your premises if you are recording them, taking photographs, or engaging in other activities that collect sensitive information. That signage should appear in the areas where the surveillance is occurring. If it is throughout your premises, the signage should be prominently displayed at the entrance so people are aware of the surveillance before they enter.
If you collect personal information over the telephone, you also need to provide notice to consumers who interact with your organization that way. This could include customers who are calling your customer support line or who are placing orders over the phone.
If you are subject to California’s Consumer Privacy Act and have any California employees, you also need to think about how you are providing notice to your employees. In addition to the general consumer notice, you need a notice for your employees, former employees, contractors, and job applicants about what you are collecting about them, what will happen with their data, why you are collecting it, and how long you will keep it. That notice needs to be given to these individuals at or before you collect their employment information.
Disclaimer: The information included here is based on best practices across industries. It should not be construed as legal advice. Placement of privacy notices requires consideration of multiple factors, as indicated in this article. Please consult counsel if you are unsure of your posting requirements.
For more information about SixFifty Privacy tools, request a free demo!