Consumer Privacy Requirements That Small Business Owners Should Be Aware Of

Small business owners are a lot more attuned to the needs of their customers than their large business counterparts. You are likely to know some or even all of your customers by name, know what they will be purchasing, and be proud of the fact that you have even turned some of your customers into friends. However, the one consumer requirement that you may not have heard about yet is the preservation and respect of your customers’ privacy. In truth, privacy has only recently emerged as a consumer requirement. Customers are so passionate about their privacy nowadays that it’s becoming a legal requirement as well. In this article, we will discuss the recent emergence of privacy, consumer attitudes toward privacy, the legal requirements that can apply to small businesses, and the future of these requirements.

If you think about consumer attitudes towards the privacy of their information online, you will probably remember that five to ten years ago, privacy was not such a big deal to most people. Yes, it was important to lawyers and academics with obscure specializations and people who thought that tin foil hats are a viable accessory. Yes, you may have wondered where your credit card information went when you clicked “buy”, but the experience of shopping online was so new and exciting that you forgot about your privacy worries way before the package arrived. Business owners copied and pasted their competitors’ Privacy Policies or some free template that they found online onto their website to never see the light of day again. And then, everything changed.

Cambridge Analytica and the Change of Consumer Attitudes Towards Privacy

In 2018, journalists broke the story that we all know today as “the Cambridge Analytica scandal.” Basically, the firm Cambridge Analytica harvested the personal information of millions of Facebook users without their consent. The company then used this information for political advertisements. This clear violation of privacy really upset a lot of consumers and brought to light the perils of providing companies with personal information. As a result, consumers changed their previously nonchalant views towards privacy and the collection, use, and disclosure of their personal information online.

The following studies illustrate the fact that consumers now see privacy as a requirement whenever they do business online:

  • 67% of Americans say that there should be tougher penalties, such as high fines, for companies that don’t protect the privacy of consumers;
  • 93% of Americans would switch to a company that prioritizes data privacy;
  • 91% of Americans would prefer to buy from companies that always guarantee them access to their personal information;
  • 52% of Americans will not use products or services that they believe have privacy issues.

This requirement to care about the privacy of consumers is significant because failing to respect it can lead to a loss of customers. The following tips can help you show your customers that you are serious about their privacy:

  • Have an up-to-date Privacy Policy that contains all of the disclosures required by the privacy laws that apply to you;
  • Make sure that your Privacy Policy is easy to find and that a link to it is easily visible on your website’s footer;
  • Ask consumers to agree to your Privacy Policy whenever they submit their personal information to you (e.g. when they submit a contact form or a newsletter sign-up form);
  • Promptly respond to all inquiries seeking to exercise privacy rights.

It is clear that the Cambridge Analytica scandal has had a large impact on the way that consumers view their privacy online. The most interesting development perhaps is that consumers are now willing to “vote with their dollars”, purchasing from privacy-focused companies instead of their privacy-unaware competitors.

Changing Consumer Attitudes Lead to New Privacy Laws

While the Cambridge Analytica scandal focused on two large companies, consumers became concerned about the way all companies, regardless of their size, treated their privacy. While consumers chose companies that respect privacy and in that way changed the market, they also became increasingly concerned about the lack of legal protection for their privacy online. In fact, in a study by KPMG, 84% of respondents said that the right to delete personal information and know how their personal information is used should extend to all US citizens. These changing consumer attitudes led to increased pressure for legislators to pass privacy laws.

Because there is no overarching federal law that protects the privacy of consumers online, states have taken it upon themselves to pass privacy laws. Delaware, Nevada, and California all have privacy laws that can affect small business websites. In addition, the European Union and Canada have their own privacy laws as well. If you are not located in these states or countries, your first reaction may be a sigh of relief. But not so fast!

Privacy laws are relatively unique in that they protect consumers and not businesses. Since anyone from anywhere could submit their personal information to a website, you may need to comply with the privacy laws of other states and countries, even if you are not physically located there. For example, one of California’s privacy laws, the California Online Privacy and Protection Act, applies to any website that collects the personal information of California consumers. Since any website that has a contact form can collect the personal information of California consumers, this law can apply to virtually any modern website. Thus, it doesn’t really matter where you are physically located; what matters is whose personal information you collect, where your customers reside, and who you track through tools such as Google Analytics.

Once you determine what privacy laws apply to you, you will see that all of these laws require websites to have a Privacy Policy. Some mistakenly believe that a Privacy Policy is just a statement of “don’t worry, we won’t spam you”, but there’s a lot more to it than that. A Privacy Policy is a document that explains your privacy practices and, to comply with privacy laws, it must also include all of the required disclosures prescribed by these laws. Failing to have a compliant Privacy Policy can lead to heavy fines, ranging from $2,500 per violation to €20,000,000 or more in total. In this case, “per violation” means per website visitor whose privacy rights you infringed upon. It is easy to see how these fines can add up to a huge amount, even if you have only a few hundred visitors to your website per month.

When it comes to proposing and passing privacy laws, states are not slowing down. In fact, there are currently over 20 proposed privacy bills in the United States. While all of these bills are different, here are some similarities that you should be aware of:

  • All of these bills would require certain websites to have a Privacy Policy that makes very specific disclosures;
  • All of these bills would provide consumers with new privacy rights;
  • All of these bills would apply to businesses outside of the states in which they were proposed;
  • All of these bills would impose heavy fines for non-compliance; and
  • Some of these bills would allow consumers to sue businesses directly for violations, increasing the risk of litigation.

Due to the recent increase in proposed privacy bills, it is imperative that you don’t just have a Privacy Policy that complies with the privacy laws of today, but that you also have a strategy for keeping that Privacy Policy up to date with the privacy laws of tomorrow.

What Small Business Owners Need to Do Next

Media & Technology Group LLC Partner - Termageddon

Now that you know that your customers care about their privacy more than ever before and that having a Privacy Policy may be a legal requirement that you are subject to, you may be wondering what you should do next. The easiest way to start on your journey towards privacy compliance is to create a Privacy Policy with Termageddon. Termageddon is a generator of Privacy Policies, Terms of Service and more that will also update your policies whenever the laws change to ensure that you are always up to date. Remember, having a comprehensive Privacy Policy will help show your customers that you care about their privacy as much as they do and will help you comply with privacy laws that apply to you.