Page 64 - Cyber Defense eMagazine August 2023
P. 64
law and the applicable regulations, the description provided in a privacy policy, the language used, the
positions taken, and the policies set forth are as clear an indication of the business’ data privacy
sophistication and posture as can be gleaned without an internal investigation of the business. And if that
privacy policy has not been updated, uses language that is out of date or improperly addresses data
privacy concerns, or if the privacy policy was simply copied from some other business and, is out of place
or otherwise ill-fitted to the business otherwise described on the website or application, it will be glaringly
obvious to those familiar with data privacy law. To a skilled regulator looking for a company which has
not complied with state law, reading a website privacy policy that fails to address or improperly addresses
consumer rights and business responsibilities can provide more than enough grounds to open an
investigation into the company.
All of this regulatory activity now makes website and mobile application privacy policies key regulatory
company documents. Careful thought should be given to the preparation of these documents as would
be given to any other regulatory disclosure. These policies should be drafted with care by a skilled data
privacy professional familiar with the regulatory requirements at issue in careful consultation with
company officials. They should not be prepared from a form or borrowed from another company’s
website. These policies should also be updated regularly to reflect current company practices, as an
outdated privacy policy is an inaccurate privacy policy and equally troublesome from a regulatory
perspective and potentially a source of regulatory liability.
There is no reason to believe that the regulatory wave of comprehensive state consumer data privacy
laws is going to do anything but increase. So it is imperative that companies carefully consider their
website privacy policies now, and moving forward.
The views and opinions expressed in the article represent the views of the author and not necessarily
the official view of Clark Hill PLC. Nothing in this article constitutes professional legal advice nor is it
intended to be a substitute for professional legal advice.
About the Author
Jason M. Schwent is Senior Counsel at Clark Hill, an international law firm. He
is experienced in data privacy, intellectual property, and litigation making him a
fierce advocate for his clients. His passion for protecting clients’ assets is evident
whether negotiating a complicated enterprise software agreement with a Fortune
100 company or counseling a client following a data breach that exposed millions
of users’ data,
Jason can be reached online at [email protected].
Cyber Defense eMagazine – August 2023 Edition 64
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.