- Phone numbers;
- IP addresses; and
- Physical addresses.
Websites commonly collect PII through the following features:
- Contact forms;
- Email newsletter sign up forms;
- Account creation forms;
- Checkout forms; and
- Analytics services such as Google Analytics.
- California Online Privacy and Protection Act of 2003 (CalOPPA);
- California Consumer Privacy Act (CCPA);
- Delaware Online Privacy and Protection Act (DOPPA);
- Nevada Revised Statutes Chapter 603A;
- General Data Protection Regulation (GDPR);
- United Kingdom Data Protection Act (UK DPA 2018);
- Personal Information Protection and Electronic Documents Act (PIPEDA);
- Australia Privacy Act 1988;
- Colorado Privacy Act (effective in 2023);
- Virginia Consumer Data Protection Act (VCDPA – effective in 2023);
- Quebec Bill 64 (effective in 2023);
- Utah Consumer Privacy Act (effective in 2023); and
- Connecticut SB6 (effective in 2023).
Privacy laws are unique in that they protect consumers and not businesses and can thus apply to businesses outside of the states or countries in which the laws are passed. For example, CalOPPA applies to any commercial website that collects the PII of residents of California, regardless of where the business is actually located. Nevada’s privacy law applies to anyone that has customers in Nevada, also regardless of where the business is actually located. When determining what privacy laws apply to you, you should ask:
- Where do you do business?
- Whose PII are you collecting online?
- Where do your customers reside?
- To whom are you offering goods or services?
- Who are you tracking online through services such as Google Analytics or cookies?
- 7 in 10 Canadians refuse to provide PII to a company over privacy concerns – Office of the Privacy Commissioner of Canada;
- 40% of consumers are concerned about what happens to their PII when shopping online – Empathy.co;
- 93% of Americans would switch to a company that prioritizes privacy – Axios;
- 83% of US voters want Congress to focus on privacy in 2021 – Morning Consult;
- 67% of Americans say that there should be tougher penalties, such as high fines, for companies that do not protect the privacy of consumers – Consumer Reports.
Donata is the Co-founder and President of Termageddon, an auto-updating generator of website and application policies. She is a licensed attorney and Certified Information Privacy Professional. She also serves as the Vice-Chair of the American Bar Association’s ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals. In her free time, Donata enjoys beekeeping, hunting for morel mushrooms, and walks with her husband and two dogs.