law and the applicable  regulations, the description provided  in a privacy policy, the language used, the
            positions  taken,  and  the  policies  set  forth  are  as  clear  an  indication  of  the  business’  data  privacy
            sophistication and posture as can be gleaned without an internal investigation of the business. And if that
            privacy  policy  has not  been updated,  uses language  that is out  of date  or improperly  addresses  data
            privacy concerns, or if the privacy policy was simply copied from some other business and, is out of place
            or otherwise ill-fitted to the business otherwise described on the website or application, it will be glaringly
            obvious to those familiar  with data privacy law. To a skilled regulator looking for a company which has
            not complied with state law, reading a website privacy policy that fails to address or improperly addresses
            consumer  rights  and  business  responsibilities  can  provide  more  than  enough  grounds  to  open  an
            investigation into the company.

            All of this regulatory activity  now makes website and mobile application  privacy policies key regulatory
            company documents.  Careful thought should be given to the preparation of these documents  as would
            be given to any other regulatory disclosure. These policies should be drafted with care by a skilled data
            privacy  professional  familiar  with  the  regulatory  requirements  at  issue  in  careful  consultation  with
            company  officials.  They  should  not  be  prepared  from  a  form  or  borrowed  from  another  company’s
            website.  These  policies  should  also  be  updated  regularly  to reflect  current  company  practices,  as an
            outdated  privacy  policy  is  an  inaccurate  privacy  policy  and  equally  troublesome  from  a  regulatory
            perspective and potentially a source of regulatory liability.

            There is no reason  to believe  that the regulatory wave  of comprehensive  state consumer  data privacy
            laws  is  going  to  do anything  but  increase.  So  it is  imperative  that  companies  carefully  consider  their
            website privacy policies now, and moving forward.

            The views and opinions  expressed in the article represent  the views  of the author and not necessarily
            the  official view  of Clark  Hill  PLC.  Nothing  in this  article constitutes  professional  legal  advice  nor is  it
            intended to be a substitute for professional legal advice.





            About the Author

            Jason M. Schwent is Senior Counsel at Clark Hill, an international  law firm.  He
            is experienced  in data privacy, intellectual  property, and litigation  making him a
            fierce advocate for his clients. His passion for protecting clients’ assets is evident
            whether negotiating a complicated enterprise software agreement with a Fortune
            100 company or counseling a client following a data breach that exposed millions
            of users’ data,

            Jason can be reached online at [email protected].











            Cyber Defense eMagazine – August 2023 Edition                                                                                                                                                                                                               64
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.