Data has become a commodity that’s worth a lot of money to marketers, advertisers, and businesses. As far as the law is concerned, if you’re going to collect (and possibly sell) PII, the people you’re collecting it from have a right to know.
1. What PII You Collect and How It’s Stored
- Social security number
- Credit card number
- Mailing address
- Billing address
- First and last name
- Telephone number
- Email address
After your site collects any of these pieces of information, is it kept on a secure server? Is it maintained in a credit card processing system? You need to inform consumers of that process so they can decide for themselves whether the information they’ve provided to you is secure enough for them—or whether they want to supply it at all.
2. Whether and How You Share PII
- Communications with customers to follow up on their orders
- Announcements or advertisements, such as email blasts or Facebook ads
- Sales to third parties
How to use the PII you collect is up to you (within legal limits, of course). No matter what you decide, however, you must inform your website visitors of your plans.
3. Handling the PII of Minors
Generally speaking, the law tends to be highly protective of minors, and regulations on collecting PII from this population are no exception. Although laws vary from state to state and country to country, they typically require that minors be given the opportunity to request removal of their PII from your database.
4. Compliance with Policies Such as GDPR and CalOPPA
Data breaches make news headlines with alarming frequency these days. In response, lawmakers scramble to draft laws that give consumers more protection as new vulnerabilities are discovered. Because technology changes so quickly, these laws are constantly being enacted and revised.