Nevada
Nevada state law requires websites to give visitors the option to opt out of having their personal data sold to third parties. The website also must give customers the ability to contact the company to request that the company not sell their personal information that has been collected.
A company can add one or more of the following three communication methods to the website:
A web page or website that allows the user to make the request, such as on a form
An email address the user can click on to submit the request
A direct phone number to the company that allows someone to verbally submit a request
Nevada added another Internet privacy law in 2021, SB260, that narrowly defines the term sale when it comes to consumer data, creates new requirements for data brokers, and adds exemptions for certain entities, like consumer reporting agencies. You can view an in-depth summary on the JD Supra website at www.jdsupra.com/legalnews/nevada-gov-sisolak-signs-senate-bill-sb-5355176
.
Vermont
Like laws in California and Nevada, Vermont has a law that requires data brokers to register annually. However, data brokers need to register with the Vermont secretary of state, not the attorney general. The secretary of state website at https://sos.vermont.gov/corporations/other-services/data-brokers
has information about what is and what isn’t a data broker, a link to a data broker search, and a link to the state’s data broker law.
Virginia
The Virginia Consumer Data Protection Act, or CDPA, was passed in 2021 and goes into effect on January 1, 2023. The CDPA applies to all persons who conduct business in the state and who also meet these two criteria:
Control or process the personal data of at least 100,000 consumers in a calendar year
Derive 50 percent of gross revenue from the sale of personal data as well as control or process the personal data of at least 25,000 consumers
The JD Supra website has a good overview of what the law does, how you can prepare for it, and how to handle uncertainties about implementing the law, at www.jdsupra.com/legalnews/virginia-s-new-data-privacy-law-an-8812636
.
Setting Company Policies
If your business does business online, it’s common sense to have policies in place to make sure that your business is protected, no matter whether laws exist to protect you. That means you should seriously consider putting a privacy policy on your website that includes at least the following information:
What types of personal information your business collects
What information is shared with third parties, if any
How consumers can request changes to their information
How someone can opt out of having their data collected
Content management website platforms such as WordPress have built-in privacy policy builders. That may not be enough for what you need, however, so you may want to turn to attorneys or companies that specialize in crafting online policies. One low-cost option Eric uses for his business as well as his website clients’ sites is Termageddon (
https://termageddon.com
).
But online policies aren’t just about posting a privacy policy on your website and forgetting about it. You also need to specify the terms of service for your product, service, or content.
You also need to understand how to market your business online so that you don’t run afoul of laws designed to eliminate junk email — what you probably know as spam. (It’s no longer just a processed lunch meat or a famous Monty Python skit.)
Specifying your terms of service
You may find a Terms of Service document on a website (we show you an example in Figure 2-2), with a product or as part of the legal documentation you receive as part of a service you’ve signed up for. Most likely, you have paid scant attention to a Terms of Service document or web page because you consider it flotsam and mentally toss it aside.
If you’re running a business, however, a Terms of Service web page or document is essential if you want to protect your product, service, or web content from copyright infringements as well as from legal liabilities.
FIGURE 2-2: A Terms and Conditions page on the Butow Communications Group website.
You may see the label Terms and Conditions referred to instead as Terms of Service (or ToS), Terms of Use, General Conditions, Legal, Notes, or the standard software document EULA (short for End User License Agreement). What’s the difference between the titles Terms and Conditions, Terms of Service, and Terms of Use? Nothing. It’s just a matter of preference about what you want to use. For example, if you have a product, you may want to use the title Terms of Use because the document is about the terms of using the product.Seeing what’s needed
All these terms and conditions comprise a contract in which the owner of the product, service, and/or website states the conditions of use for the product or service. For example, this document lists rules that users must follow when interacting with one another on a social media site and specifies what will happen if those rules aren’t followed.
In your terms and conditions, you need to ensure that you have liability clauses and disclaimers, such as the fact that a website will likely go down from time to time. This is because a vital reason to have a Terms and Conditions document, no matter what you call it, is to cover your backside. If one or more users bring court action against you, your Terms and Conditions document is your first line of defense.
Comparing privacy policies with terms and conditions
Why do you need a privacy policy as well as a Terms and Conditions document? Aren’t they the same thing?
It’s true that a privacy policy and Terms and Conditions are legally binding documents. But that’s where their commonality ends.
Privacy policies are legally required in most countries. They not only protect your users but also declare your compliance with the privacy laws in those countries and, in some cases, states.
Terms and conditions, on the other hand, are designed to protect you and your business. Business owners can set their rules about how their website, service, and/or product is used — within laws set by the country and perhaps the state where you do business.
Banning spam from your company toolset
Speaking of company policies,