Sweeping consumer privacy law changes are moving quickly through the Florida legislature. Covered private businesses should act now to bring their privacy policies into compliance with the anticipated new requirements.
Below is a checklist of the top things that companies should incorporate into their privacy policies regarding to consumer data collection and selling practices.
- Florida-specific consumer privacy rights;
- Categories of personal information collected by the company;
- Categories of personal information that the company sells or discloses to third parties;
- Categories of personal information the company shares or discloses for a business purpose;
- For example, what are the reasons the company uses personal information from consumers?
- Categories of third parties who receive the collected information from the company.
Data in your company’s possession should be secured through encryption or modification which removes identifying elements of an individual consumer’s personal information and presents the data in the aggregate or in an otherwise unusable format. Once you no longer need the data, delete it!
Privacy policies should be updated at least every 12 months and must be available on your company’s website.
Additionally, retention schedules must be in place regarding the use and retention of personal information after the initial reason for collection has passed.
Non-Florida businesses should pay attention to announcements in their home states since more and more are passing similar legislation.