Most companies base their privacy policies on existing laws, such as the California Online Privacy Protection Act, the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) and even Google Analytics, a third party that requires privacy disclosure. While this is a great starting place, companies should analyze their data collection practices and make sure that reality is reflected in the policy. Key elements of privacy policies include information about the business, including contact details; the types of personal data that is collected; how the data is used; whether and how it is shared with third parties; and what the company does to protect personal information. In addition, companies that are governed by the CCPA may include a description of consumer rights, such as the right to notice of collection; the right to access the information collected; the right to opt-out or into the sale of personal information; the right to request deletion of personal information; and the right to equal services and prices when the consumer exercises those rights.
