Does the Act apply to you?
As stated above, you must comply if your website or application collects “personally identifiable information.” This means any individually identifiable information, including a user’s name, email address, physical address, phone number, social security number, or any other identifiers that could permit the user to be contacted either physically or online.
- Be conspicuously posted on the website (either the policy itself or a conspicuous link to the policy);
- Contain a list of the categories of personally identifiable information collected;
- Contain a list of the categories of third parties with whom the operator may share such personally identifiable information;
- Contain a description of the process- if any exists- by which the consumer can review and request changes to the personally identifiable information collected; and
Under this Amendment, privacy policies for websites or applications are required to:
- Disclose how the website responds to Do Not Track signals from web browsers;
- Disclose whether third parties may collect visitors’ personally identifiable information on a website;
Risks of Noncompliance