I was probably the most annoying kid on the planet – literally always asking “why” and “how”. To the general dismay of everyone around me, I wanted to know how everything worked, from electricity to bees. How do you explain to a child what is inside of a bee in less than five minutes? No idea. Here at Termageddon, we are very fortunate to have clients who are interested in the “how” of our product, namely how we make sure that your policies are up to date with the law. And that is a question that I can answer. So grab your bee keepers’ suit and let’s go!

 

Gathering information: new laws and cases

 

There are new bills that are being proposed every day, comments on those bills and changes to the text. Currently, there are seventeen new bills in the U.S. that may affect how your Privacy Policy is written. There are also new bills that become laws and cases where judges interpret how those laws work. So how do we keep track of all of that information to make sure that nothing is missed? First, I have set up alerts on the relevant terms in Lexis Nexis (it’s kind of like Google Alerts but for lawyers). Every time there is a new bill being proposed, a new law being adopted or a case that contains any of the search terms, I get an email. Below is a picture illustrating some of those alerts and an email that I received with the relevant case law.

Obviously, just like Google, not all search results are relevant so I have to sift through the alerts to make sure that I am considering only relevant information. As any good research assistant knows, all of your information should not come from just one place. That is why I am also a member of the Illinois State Bar Association’s Corporate Law Council, which helps me keep up to date with corporate, technology and privacy laws throughout Illinois and the rest of the United States. Lastly, as I am a Certified Information Privacy Professional, I get access to the International Association of Privacy Professionals’ resources. For example, the IAPP provides a privacy law comparison table (see below) that provides helpful information about all privacy bills that are being considered or have become law in the United States.

 

The IAPP is an absolute wealth of information and also provides a list of all GDPR enforcement actions, which can be found here. I often perform Google searches and searches of Data Protection Authority websites for new GDPR-related decisions. Lastly, I also keep up to date with the laws that govern Terms and Conditions and our other policies in the same ways.  

 

Gathering information: government guidance

While it is important to keep track of new bills, laws and cases, it is also important to follow government guidance and interpretations as well. Government agencies provide invaluable advice as they will often tell you what will be enforced and how. I am a frequent visitor to the Federal Trade Commission’s blog as the FTC ensures that businesses take consumers’ privacy seriously and do not injure consumers with deceptive claims. For example, do you know why Termageddon’s Terms and Conditions do not ask you whether you want to prohibit your customers from leaving bad reviews on your business? We don’t include this option because doing so violates the Consumer Review Fairness Act, which can get you in big trouble. See below for a snapshot of one of the FTC’s blog posts about this topic. The whole post can be found here. Quick note: their blog is the most wholesome and funny writing I’ve ever had the pleasure to read.

You can often find me lurking on other government websites such as the states’ Attorney Generals’ websites, the Information Commissioners’ Office website and Data Protection Authority websites.

 

Gathering information: articles and opinions

Lastly, I keep up to date with opinion pieces and articles that discuss privacy and technology, industry takes on privacy and information on what the general public thinks of the privacy protections in place today. This would include websites such as Techcrunch, The Verge, Electronic Frontier Foundation, IAPP and news websites. Knowing the general feel of the industry and the public on privacy and technology helps me understand trends in enforcement and legislative action and allows me to understand and reflect on where our industry is going in the future.

Updating your policies

It is important to note that I perform all of the above actions not just for Privacy Policies, but also for Terms and Conditions, End User License Agreements and Disclaimers. After I gather all of the information, I decide whether or not updates to the policies are required and then I update them. Stay tuned for a blog post on how that’s done!

 

Protect yo’ self,

Team Termageddon