That’s why step one is to review your website to see what PII you are collecting and from where. The most common places where PII is collected include:
- Subscription signup forms
- Account creation forms
- Contact us forms
- Some analytics programs such as Google Analytics

Once you’ve determined where PII is being collected, part B of this step is to determine how you are using (or not using) the PII you collect.
Once you’ve completed the review of your site and identified how you’re using PII, you’ll need to determine which laws apply to you.
The sad truth is that the list of US states and other countries enacting privacy laws is changing so rapidly that whatever list I include here will soon be out of date. However, as of this writing, the following states have privacy laws with which you may need to comply:
- California (2 laws)
Countries that have national laws regarding privacy are:
- European Union
- Primary contact’s name and contact information
- The specific type of PII you collect
- From where you collect the PII
- How you will use the PII
You should also ensure that it states where individuals can send privacy rights requests and how soon you will respond to those. Reviewing your policy helps you develop a response strategy for consumer privacy rights requests.