YES, you do!
There are two main forms of enforcement in the U.S. regarding privacy notices. Since the early 1970s, at the Federal level, the Federal Trade Commission has taken on this role. Enforcement done at the state level is by the relevant attorney general office. In growing circumstances the private right of action, the ability for an individual or group of individuals to pursue legal action to enforce their rights, has become of significant importance.
What is Personal Information?
Personal information (PI) is any material that can identify another person.
Examples of PI include credit card numbers, social security numbers, bank account numbers, driver license numbers and more.
- • Who is the owner.
- • What data is collected?
- • How is that data collected?
- • The reason for the collection. These include consent, necessary for your service, legal obligation and others.
- • For which specific purposes are the data collected? Analytics? Email Marketing?
- • The categories of sources from which you collect consumers’ personal information.
- • Which third parties will have access to the information? Will any third party collect data through widgets, social buttons and integrations for example Facebook.
- • Where applicable, details relating to cross-border/ overseas data transfer and which measures are in place to facilitate this in a safe and compliant way.
- • What rights do users have? Can they request to see the data you have on them; can they request to rectify, erase or block their data?
Remember the five golden rules of writing a great privacy notice:
- Do not hide
- Match your data practices
- Ask for consent
- Make it short and relevant