Sandra Jeskie
Sandra Jeskie, a partner at Duane Morris, said outside of the [California Consumer Privacy Act], the U.S. still doesn’t have many laws limiting companies’ ability to share user data or outlining requirements for privacy policies. But that is likely to change, she added, as federal legislators debate a national data protection law. Many states are in the process of creating their own legislation.
“People have seen GDPR, they’re now seeing [CCPA], and of course there’s been some very significant, high-profile data breaches of information,” Jeskie said. “Certainly, legislators are much more cognizant of the privacy protections, and I think we’re starting to see a change in the U.S. consumer version of what information should be protected and not. We’re seeing some momentum for a national privacy law.” …
As legislators and consumers grow more aware of potential cyber risks, it’s important for companies to understand what user data they’re collecting, why they’re collecting it and how they’re sharing and storing it, Jeskie said, so they’re able to share that information with users.
She noted privacy policies may change over time as the company launches new products and features. Customers need to be notified when that happens.
“In the [CCPA], in the privacy policy itself it’s required that you have to describe the process by which you’re going to notify consumers, to the extent that they have material change to the privacy policy,” Jeskie said. “So if you’re doing something that is different, sharing additional information … when you have those kinds of changes, you really need to make sure that you present that notification.”
Reprinted with permission from The Recorder, © ALM Media Properties LLC. All rights reserved.