There’s a lot to consider when creating a website, especially when using the website builder WordPress. What will your color scheme include? What will the menu options contain? How does the user experience flow? Does it work on every browser type?
Website cookies, contact forms asking for your email address, payment transactions—there are dozens of ways that websites collect user data. Even your dedicated WordPress hosting website collects data.
Violating WordPress’ terms of service can result in your website and account being suspended or ultimately terminated.
In 2018, Virginia and California proposed two bills addressing online privacy. In 2021, the number of online privacy bills jumped to 27.
In recent years, more and more people have become concerned about their online privacy and what companies do with their user data. Whether browsing Nike for new shoes or TrustRadius for an alternative to RingCentral, individuals want to know that their data is protected. As this sentiment grows, more laws and regulations are being introduced.
Adopted in 2016 and enforceable from 2018, the GDPR (General Data Protection Regulation) is perhaps the most well-known data protection regulation. The GDPR enhances individuals’ rights over their personal data and online privacy. It protects anyone in the EU (European Union) and EEA (European Economic Area).
The GDPR serves as a model for data protection laws in other countries, including the CCPA (California Consumer Privacy Act). When it was passed, this regulation affected many businesses and nations, not just those in the EU, as it applies to any company collecting personal information about individuals in the EEA, regardless of its location and the user’s citizenship or residence.
Brazil’s LGPD (General Personal Data Protection Law) was enacted in 2020 and is similar to GDPR. The LGPD regulates the collection and processing of personal data and visitor behavior of individuals, where that data is located, how it is processed and stored, and how that data is used to offer goods or services to users in Brazil.
The LGPD, like the GDPR, combines several existing data laws under one unifying protection act. However, the LGPD does not specify a period within which enterprises must report data breaches, and the fines for violating the LGPD are lower than those under the GDPR.
CalOPPA affects websites well beyond California’s borders, as a website merely has to be accessed by a California resident to fall under CalOPPA.
Passed in 2018, the CCPA (California Consumer Privacy Act) further protects the privacy rights and consumer protections of residents of California. Under the CCPA, residents have the right to:
- Know what personal data is being collected.
- Know if their data is sold or disclosed.
- Decline the sale of their data.
- Access their data.
- Request that a business delete personal information.
- Exercise their privacy rights without facing discrimination.
Here’s a look at where other states stand in their efforts to pass privacy laws in the United States:
[Image: status of US state privacy legislation. Source: IAPP]
- You need to let your users know who owns the website or app they’re using. Additionally, include contact information so users can reach out to the correct parties with questions or concerns.
- What user data is collected, including email addresses, names, physical addresses, contact details, social security numbers, payment details, etc. If you’re running a healthcare business and need to follow HIPAA compliance, you may also be handling sensitive information regarding patients’ medical history.
- How user data is collected; for example, personal information from forms, numbers from a phone number forwarding service, comments, or cookies. In this section, you should also detail what features on your site collect data, like opt-in forms or social media buttons.
- State whether you collect information from minors and if parental supervision is required. For example, the CCPA requires companies to implement processes to obtain parental consent for minors under 13 years for data sharing purposes.
- How and where data is stored, and the amount of time it’s stored. Similarly, state how data is secured with information about safety and security procedures, including how data is transferred across borders and overseas.
A WordPress editor page will generate headings and content that you can customize to meet your needs—perfect for when you need a basic disclosure or when you need to address the specifics of your auto attendant app, for instance.
- As you go through the template and fill in your information, double-check the template content for any incorrect or outdated information. WordPress does provide helpful information as you go through the template, explaining what each section means and providing examples of how to phrase it for your users.
When setting up your WordPress website, you may have overlooked privacy features. Although it’s a minor element of your website’s design, it’s a critical piece of compliance for your business and a reassurance for your visitors. It’s just as important as any contact form, domain name, or the overall website appearance, and it’s easier than figuring out how to apply for an EIN!
About our Guest Author: Jessica Day is the Senior Director for Marketing Strategy at Dialpad, a modern business communications platform and call recording solutions provider that takes every kind of conversation to the next level—turning conversations into opportunities. Jessica is an expert in collaborating with multifunctional teams to execute and optimize marketing efforts, for both company and client campaigns. Jessica has also written for other domains such as Plutio and Virtual Vocations.