Legal and data protection research writer at TermsFeed.
On this page
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
Customers buy from businesses that they know, like, and trust. It's a cliche in today's world because that statement's been so often repeated. However, it's been reiterated over and again because it's simply true.
How many times have you seen the mission statements or "values declarations" of other businesses where they seem to put the words "honesty, trust, and transparency" in flashing neon lights? At the very same time, how many times have you seen businesses operate in a fashion that puts the lie to their public-facing words?
Why do you think that is?
Well, according to an EY global fraud survey discussed on Entrepreneur, it's because business owners and executives think they can get away with bad behavior.
Holding any of the following views could cause your business a world of hurt:
- I won't get caught
There are a host of state privacy and data protection laws as well as regulations enforced by the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) that could land you in hot water.
Google messed up and got itself into a difficult situation by ignoring privacy provisions in the CCPA. Again, we'll talk about that in a minute. The point is that there are many laws now in effect designed to protect the consumer.
Allow us to take you on a trip down memory lane.
In recent years, both the FTC and the FCC not long ago moved against businesses that violated privacy regulations, which resulted in substantial settlement terms. With regard to the FCC case, businesses that violated their own Privacy Policies received multi-million dollar fines.
Just some of the companies that have felt the long arm of the FTC due to unfair or deceptive trade practices, and for allegedly making misleading statements in Privacy Policies, include Fandango, Credit Karma, GMR Transcription Services, and Snapchat:
"According to the FTC's complaint, Snapchat made multiple misrepresentations to consumers about its product that stood in stark contrast to how the app actually worked.
"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," said FTC Chairwoman Edith Ramirez. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.""
Business owners should note that in order to get an FTC action resolved, they usually need to sign a consent order. That order would then require them to:
- Set up extensive security programs with the intention of addressing security risks during the development of applications, products, or programs
- Go through independent security assessments, which take place every other year for a period of twenty years
- Ensure there are no more misrepresentations concerning security or privacy
- Understand that the company will be found in contempt of court if an assessment finds that the business owner has failed to comply with all terms of the consent order at any time over the course of the next twenty years
Examples of companies that ostensibly failed to safeguard personal data (one case involved over 305,000 consumers) and that faced huge fines from the FCC include TerraCom and YourTel. Back in 2014, these companies argued that they indeed had measures in place to guard customer data, and they had published Privacy Policies regarding those measures.
However, the FCC apparently discovered that for over a year these organizations had stored customer data in a way that would allow anyone to access and view it by using the internet.
Google and the CCPA
All the troubles businesses faced, which we've mentioned so far, were due to violations of older privacy laws.
However, ever since 2016, when Europe's comprehensive General Data Protection Regulation (GDPR) was passed, countries worldwide, including the USA, began passing increasingly harsh legislation. Lawmakers started focusing on establishing and enforcing broad privacy and security protections for consumers.
Many companies have argued that adherence to these new regulations could hurt profits and in some cases, might force them to stop doing business altogether in certain regions.
In the USA, the most exhaustive law in this regard is California's Consumer Privacy Act (CCPA), as amended by the CPRA, which we mentioned Google has now been accused of violating.
Many consumers and lawmakers had already started to take a hard look at Google due to supposed transgressions against user privacy, especially when it came to their maps and search services.
However, the new class-action lawsuit focuses on the alleged use of Google's "lockbox" program by Google employees to spy on Android users.
According to the plaintiff, Robert McCoy, the spying motive was to give Google an edge over apps like TikTok, which was developed by ByteDance Ltd., one of Google's competitors.
Since honesty and transparency are paramount in today's business climate, business owners must ensure that their privacy practices are up-to-date and match what's written in their Privacy Policies.
All of the above is easier than you may believe. There is no reason that any company should compromise compliance with laws such as the ones mentioned here.
In particular, go over issues such as:
- What private, sensitive data does your business gather?
- How does your company use the private information it collects?
- What security measures have you implemented to protect users' private data?
- How long do you keep private information once you've collected it?
- Where is a user's private information stored?
- Do you sell user data? If so, to whom?
- Do you share user data? If so, with whom?
- Do you give access to user data to any third parties? If so, why?
- Do you collect geolocation information?
- Do you let users know how they can correct information if they believe it is inaccurate?
- Do you let users know how they can have their information deleted entirely?
Announce that you have security procedures in place to keep data as safe as possible, like this clause:
Share your contact information so users can contact you in a variety of ways:
Learning From the Past, Looking to the Future
Over the years, there have been many examples of businesses that won on a temporary basis by gaming the system. They covered their tracks with legal documents and believed that no one would look behind the curtain to see if their business practices matched their public statements.
However, winning streaks like these have almost always been short-lived, with the downfall of giants like Enron used as cautionary tales. In case you aren't familiar with the case, Enron was once considered one of America's leading and most innovative companies. Its CEO had relationships with individuals in the highest of the United States' social circles.
Yet all of that came crashing down, and Enron's CEO was publicly disgraced when it was discovered that the company's success was built on a web of lies. The company's leaders' business practices in no way mirrored the information they provided to regulators or their customers.
When Enron fell, its crash affected thousands of people. The company's shares went from an all-time high of $90.75 to a pathetic $0.26 when it went bankrupt.
Don't let that be you or your business. Err on the side of caution and openness. In 2020, you must do what it takes to be seen as an organization that prizes honesty, integrity and transparency above all.