Table of Contents
- To meet the disclosure requirements of new privacy laws. With over a dozen privacy bills proposed in the United States, and countries such as Canada proposing new bills as well, new privacy laws are being passed at an increasing rate. As new laws are passed, companies need to update their Privacy Policies to include the new disclosures required by such laws; and
Notifying customers of changes to Privacy Policies
You may need to obtain consent if you are processing Personally Identifiable Information (PII) under the consent legal basis of the General Data Protection Regulation (GDPR), and the United Kingdom Data Protection Act 2018 (UK DPA 2018). In addition, you may also need to obtain express consent under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) if any of the following circumstances are present:
- The PII that you collect, use or disclose is sensitive;
- The collection, use or disclosure of the PII is outside of the reasonable expectations of the individual; or
- The collection, use or disclosure of the PII creates a meaningful residual risk of significant harm to the individual.
Whichever notification method you choose, it is always important to remember that you should make an effort to notify consumers of changes to your privacy practices, especially when those practices change.