- To meet the disclosure requirements of new privacy laws. With over a dozen privacy bills proposed in the United States, and countries such as Canada proposing new bills as well, new privacy laws are being passed at an increasing rate. As new laws are passed, companies need to update their Privacy Policies to include the new disclosures required by such laws; and
Notifying customers of changes to Privacy Policies
You may need to obtain consent if you are processing Personally Identifiable Information (PII) under the consent legal basis of the General Data Protection Regulation (GDPR) and the United Kingdom Data Protection Act 2018 (UK DPA 2018). In addition, you may also need to obtain express consent under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) if any of the following circumstances are present:
- The PII that you collect, use or disclose is sensitive;
- The collection, use or disclosure of the PII is outside of the reasonable expectations of the individual; or
- The collection, use or disclosure of the PII creates a meaningful residual risk of significant harm to the individual.
Whichever notification method you choose, it is always important to remember that you should make an effort to notify consumers whenever your privacy practices change.
Donata is the Co-founder and President of Termageddon, an auto-updating generator of website and application policies. She is a licensed attorney and Certified Information Privacy Professional. She also serves as the Vice-Chair of the American Bar Association’s ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals. In her free time, Donata enjoys beekeeping, hunting for morel mushrooms, and walks with her husband and two dogs.