Transparency. Say what you do and do what you say. The FTC has taken the position that if a company discloses a privacy policy, it must comply with it. Retroactive Material Changes to Website Privacy Policy. It is a potential violation of the FTC Act for a company to retroactively make material changes to its privacy policy without providing consumers with notice of those changes and the opportunity to opt out of the new privacy policy. Consent Requirements. Although the FTC Act does not expressly address consent, website operators that revise their privacy policies should obtain affirmative express consent (that is, allow consumers to opt-in) before using their data in ways that are materially different from the privacy policy that was in effect when the data was collected. Individual Access to Collected Data and Right to Correct or Delete Data. The FTC Act and most federal and state privacy laws, (with the exception of HIPAA and some California laws) do not provide individuals with specific rights to access or correct their personal information. COPPA is enforced by the FTC and requires that website operators allow parents to: 1) view the personal information collected by a website about their child; and 2) delete and correct that information. Note that COPPA applies to children under the age of 13. The White House’s 2012 Consumer Data Privacy Bill of Rights contained in the report Consumer Data Privacy in a Networked World states that, “companies also should provide consumers with reasonable access to personal data that they collect or maintain about them, as well as the appropriate means and opportunity to correct inaccurate data or request its deletion or use limitation.” New laws such as the GDPR and CCPA are including such rights to access and delete personal data.
25
Made with FlippingBook - Online Brochure Maker