As you evaluate your compliance with newly- added state policies, it can be helpful to think of your privacy plan of operation as having two sides. The front-facing side of your company with a highly visible policy for your clients through your website, and the behind-the-scenes side of your company where your unique company policies provide a structure for privacy protection. Under the recent changes within the wording of the law, your privacy policy should aim to be highly transparent to visitors to your website.
Companies are required by the Colorado Privacy Act, along with other state and international laws, to notify individuals when the business is collecting and/or storing sensitive information about them. Sensitive information includes personal data that may include names, personal identification numbers, racial/ethnic origin, religion, physical health conditions, biometric information and any other information used to uniquely identify an individual. When drafting a privacy policy, the following information must be included in the company website notice:
- The categories of personal data you may collect;
- The purpose for this collection of personal data;
- The reason collected data may be shared with third parties;
- The information that may be shared with third parties.
Your policy should also provide a contact pathway for your website visitors to exercise their rights with regard to personal identifying information, most commonly an email contact, or phone number.
Building the privacy policy of your company should involve creating a plan that is unique to your particular industry. What is appropriate for your business and what is appropriate for another business may very different from each other.
Follow our series for more information about how your company or organization may be impacted by recent changes in the legislative language of both state and international law.
Reach out to Behrends Legal for a review of your privacy policy and an assessment of your company’s compliance with Colorado law.