Quick privacy guide for businesses of all sizes in 2024

Created by Todd Belcher, Modified on Sat, 13 Jul at 9:50 PM by Todd Belcher

What’s this all about? Generally, this is a CPRA/CCPA article. There is a great summary by Reflectiz at https://www.reflectiz.com/blog/cpra-vs-ccpa/

Doing business in Europe? GDPR is another story: https://compleye.io/articles/10-gdpr-requirements-you-must-know-in-2024/

Whether a business has information from over 100K devices from California or not, trust can be gained from site visitors by ensuring the privacy policy is up to date.

1. Provide details about the business location and administrative phone/email
2. Provide details about tech in place
3. Include links to change cookie settings
4. Include a link or email address for data requests, if any data is being kept

This step should also include acquiring legal advice. We don’t provide legal advice.

WHY DO IT?
3 red flags for any vigilante whistleblower type:

1. Privacy policy dated before 2024
2. Can’t opt out of tracking/targeting cookies and methods directly
3. Can’t request, change, or delete data

Take care of these three things!

DO YOU QUALIFY FOR ENFORCEMENT?
The answer is yes if your business does any ONE of the following:

1. $25MM revenue
2. Over half of revenue is from “selling data” / ads
3. Has data on 100K devices or more

HOW TO DO IT?

1. Fix the opt-out capability on the website through DNS, CMS, GTM, etc. Or, utilize SaaS like Didomi or Ketch (full disclosure, they are partners)
2. Add a link to a form where data requests can be made, or at least an email address
3. Then, update that privacy policy :)
