Privacy Notices

Managed Services

Frequently Asked Questions

What is a privacy notice?

A privacy notice is a statement that you, as a company, make to individuals whose personal information you process before or at the time you collect their information. Ideally, it should explain to them in a clear and concise manner how you collect, use, retain, share, and protect the personal information you hold about them. Importantly, it is not a contract and the people reading it are not “consenting” to anything in it by using your website or your services.

Do I need a privacy notice?

For most companies, providing a privacy notice at or before the time of collecting personal information is a legal obligation. Many countries, regions (like the EU), and U.S. states have laws requiring companies to provide notice of their privacy practices to their customers, employees, and others. However, the way you provide the notice, how often, and what needs to be included varies from one jurisdiction to another.

What should I include in my privacy notice?

The rules around what needs to be included in a privacy notice vary from one jurisdiction to another, so it’s important to look at the laws you need to comply with. In general, companies need to include:

  • What personal information the company processes;
  • The sources of the personal information;
  • The business purpose and/or legal basis for the processing;
  • How the business uses personal information;
  • The rights individuals have over their personal information and how to exercise them;
  • Whether the personal information is sold or shared, and the categories of businesses it is shared with or sold to;
  • How the business protects the personal information;
  • How long the business will retain the personal information; and
  • Contact information for privacy questions or concerns.

How often do I need to update my privacy notice?

Rules around updating your privacy notice are inconsistent; however, many consumer privacy laws (e.g., the California Consumer Privacy Act) require a yearly review and revision. With the proliferation of consumer privacy laws, a yearly revision has become not only legally required and a best practice, but necessary to keep up with the changing regulations!

I have a GDPR/CCPA-compliant privacy notice. I’m done, right?

Not so fast! Laws, regulations, guidance, and your organization’s data handling practices are constantly changing. With each enforcement action and court decision we learn more about how privacy and data protection laws are being interpreted by enforcement authorities. It’s important that you consistently monitor your practices and the privacy landscape and regularly assess whether your privacy notice is accurate and meeting these changing obligations.

Remember, your privacy notice is your declaration to the public about your data handling practices, and any inaccurate statements within it may put you in violation of unfair and deceptive trade practice laws in addition to privacy laws. Properly maintaining it mitigates that risk and builds trust with consumers and others.

Who should write my privacy notice?

A privacy notice is a legally binding document, so it’s important that the information you put in it accurately reflects your practices and meets your legal obligations. Inaccurate statements may mean you’re in violation of deceptive and unfair trade practice laws and privacy and data protection laws.

It’s important to know what laws you need to comply with and know your data – what you collect, for what purposes, where you retain it, for how long, what you do with it, who you share it with and how you protect it. Privacy professionals are best suited to help you craft an accurate and compliant privacy notice. Having a coordinated effort between privacy, legal and security to ensure all aspects of your practices are covered is a best practice.