Why Have a Privacy Policy?

Privacy has been a hot legal issue for years, and the temperature is moving even higher.  Companies with websites and mobile applications are now targets for privacy compliance investigations.  Governmental enforcement actions and class action suits have become ever more common.  One common trigger is a data privacy or security breach.  Surprisingly, in 2013, another common trigger is the lack of a privacy policy.  Yes, there are some companies that create online services or Internet applications collecting personal information from consumers in 2013 and yet have no privacy policies.

California’s Online Privacy Protection Act (OPPA) of 2003 requires commercial websites or online services that obtain personally identifiable information about California consumers to post their privacy policies.  “Personally identifiable information” includes a first and last name, address, email address, telephone number, social security number, or any other identifier that permits physical or online contacting of a specific individual.  Accordingly, the definition of “personally identifiable information” is quite broad, and beyond the scope of the security breach notification laws in California and other states.  Violations of the law can occur even if the website operator or online service provider did not knowingly or willfully fail to comply.

OPPA not only says that operators of online services must have privacy policies, it also says that these privacy policies must cover certain topics.  A privacy policy must identify the categories of information collected by the operator, the categories of others with whom the operator may share the information, any means for the consumer to review and request changes to the information, the process to notify consumers of changes to the policy, and the effective date of the policy.

None of these requirements is new.   They are standard fare for privacy policies.  For instance, Federal Trade Commission has long published information about these topics in its guide to fair information practice principles.

In sum, online services that collect personally identifiable information from California consumers and have no privacy policy are violating OPPA and are risking lawsuits and governmental enforcement actions.  Even if a service has a privacy policy, if it is inaccurate, the service may be violating laws against unfair and deceptive trade practices.  Areas of greater risk include companies that collect certain kinds of information, such as geolocation information, without notifying the user first.  Also, companies that share information with third parties, but do not warn the user, are at risk.  The bottom line is that online services should review their privacy practices, write a privacy policy if they don’t already have one, update their privacy policies to match changes in law and their circumstances, and make sure their policies match their information practices.

StevenSWu3

Attorney Stephen Wu is a partner in the law firm of Cooke Kobrick & Wu LLP in
downtown Los Altos.  He can be reached at (650) 917-8045 or at swu@ckwlaw.com.

 

 

Read More

Are Unified Communications Right for Your Business?

Unified communications (UC) solutions refer to a combination of voice, data and business applications that enable employees to access and utilize communications without regard to location or type of device. The biggest benefit for small- to medium-size companies is the cost savings that comes from consolidating equipment and services and centralizing network management for data, video and voice.  In this way, you can integrate real-time communication services with non-real time communication services.

In addition to cost savings, UC solutions increase employee productivity in several ways. For instance, employees with smart phones, as well as those working at remote, distributed locations, are able to access complete business telephony capabilities using a common interface regardless of the device they use. Making mobile devices extensions of the enterprise network helps enhance employee responsiveness to customers. Also, higher quality voice, video, and web conferencing enhances the overall conferencing experience for employees as well as customers. The wide range of products available in the network communications space provides a unified user interface and user experience across multiple devices and media types.

UC solutions can also help your company increase innovation across the enterprise by integrating collaboration into applications and business processes. This can lead to shorter sales and customer service cycles, reduced time-to-market and the ability to adapt more quickly to market changes.  Integrated communication methods help to accelerate business processes and help your business more efficient, with faster time to revenue.

According to technology research company, Gartner, most enterprises take a longer-term approach to UC. They start by defining strategy and direction, then determine the most effective way to deliver this while controlling costs and leveraging existing investments. In the coming year there will be much progress on what business processes are being communications-enabled and where the potential remains untapped.   It is truly an exciting and up-and-coming space to investigate for  your business.

Adrianne Wong, Owner TeamLogic IT

Adrienne Wong

Adrienne is co-owner of TeamLogic IT in Mountain View. She can be reached at (650) 204-3153 or by email at awong@teamlogicit.com.

Read More