Currently, when a consumer experiences a breach of certain information, state laws require businesses to contact those affected, as well as notify consumer protection agencies and media organizations. However, as the problem of data security continues to grow, some states are enacting additional laws that require companies to develop safeguards for any and all secure, personal information used.
In California, for example, the California Consumer Privacy Act (2020) will require businesses to secure private data, notify consumers of a breach, and also develop programs to manage a comprehensive set of consumer and employee rights. Once a consumer requests access to their personal information, the CCPA also imposes a one-year-long “lookback period” and mandates that the business provides certain responsive materials.
Federal Privacy Laws
The federal government does have some protections in place for consumer privacy. The Federal Privacy Act (1974) protects the unauthorized disclosure of personal information held by the federal government. Similarly, the Fair Credit Reporting Act protects any personal information that is collected by consumer reporting agencies. However, with the increase of privacy reform happening at the state level, it’s anticipated that the federal laws will also be updated – and soon.
Georgia’s Consumer Privacy Laws
Here in Georgia, there are consumer protection laws in place concerning fair business practices. Our state also has laws in place related to health data privacy, student data privacy, and notification requirements in case of a personal information breach. Georgia, however, has not yet enacted a law directly related to online, digital data privacy.
Being Proactive About Data Protection For Businesses
With privacy reform on the horizon, businesses will have significant opportunities to implement new policies and procedures to ensure consumer protection and legal compliance. It is important to be proactive and begin reviewing your current methods of data collection today. Some questions to consider include:
- What is your target market? (Does it include minors or extend outside the U.S.?)
- What kind of consumer information do you collect?
- How do you collect this information?
- Do you use third parties to advertise, collect, or analyze information?
- Do you sell products on your business website?
- Can consumers post comments to your website?
- Can consumers upload photos or documents to your website?
- Do you send emails or text messages to your subscribers or consumers?
- Are areas of your website password protected?
- Do you have a mobile app?
Contact an Experienced Business Attorney
If you have additional questions about Georgia’s privacy laws or consumer protection, please call our office at (770) 933-9009 or contact us online. Atlanta, GA attorney Brian M. Douglas assists clients in all areas of small business law, corporate law, and business planning.