Update Your Privacy Policy Now to Avoid Costly Penalties


Sweeping consumer privacy law changes are moving quickly through the Florida legislature. Covered private businesses should act now to bring their privacy policies into compliance with the anticipated new requirements.

Below is a checklist of the top things that companies should incorporate into their privacy policies regarding to consumer data collection and selling practices.

5 Must-Haves for Your Privacy Policy:

  • Florida-specific consumer privacy rights;
  • Categories of personal information collected by the company;
  • Categories of personal information that the company sells or discloses to third parties;
    • The privacy policy should include the ability for consumers to “opt-out” of the sale or disclosure to third parties.
    • If none, the privacy policy should specify that no personal information is sold or disclosed.
  • Categories of personal information the company shares or discloses for a business purpose;
    • For example, what are the reasons the company uses personal information from consumers?
    • If none, the privacy policy should specify; and
  • Categories of third parties who receive the collected information from the company.

If your company sells consumer data to third parties, you must have a link on your privacy policy and/or website that permits consumers to “opt-out.” It must also allow them to select “do not sell or share my personal information” with third parties.

Consumers may request a free copy of their personal information collected by the company up to twice a year. Companies must provide consumers with two different ways to access this information, such as through a link from the privacy policy and by calling a central number and making a request.

Additionally, the privacy policy should give consumers a link to request deletion of their personal information or to request a correction for data that is incorrect.

Data in your company’s possession should be secured through encryption or modification which removes identifying elements of an individual consumer’s personal information and presents the data in the aggregate or in an otherwise unusable format. Once you no longer need the data, delete it!

Privacy policies should be updated at least every 12 months and must be available on your company’s website.

Additionally, retention schedules must be in place regarding the use and retention of personal information after the initial reason for collection has passed.

Non-Florida businesses should pay attention to announcements in their home states since more and more are passing similar legislation.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Lowndes | Attorney Advertising

Written by:


Lowndes on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.