Most of the U.S. comprehensive privacy laws grant the following rights:
- Right to access;
- Right to correction;
- Right to data portability; and
- Right to deletion.
- The categories of personal information and sensitive information collected about consumers in the preceding 12 months;
- The sources from which personal information is collected;
- The business or commercial purposes for the collection, sale, or sharing of personal information;
- Categories of third parties with whom the personal information may be shared;
- How to exercise consumer rights; and
- The retention periods for personal information and sensitive information.
What are the Privacy Notice requirements under privacy laws effective in 2023?
The Virginia, Colorado, Connecticut, and Utah comprehensive privacy laws will be effective in 2023 and share many of the same requirements for inclusion in the privacy notice. Generally, these laws will require businesses to publish a privacy notice that is reasonably accessible, clear, and meaningful to consumers. All of them require that the privacy notice enumerate the following:
- The categories of personal information processed by the business;
- The purposes for processing the personal information;
- How consumers may exercise their rights;
- The categories of personal information the business shares with third parties; and
- Categories of third parties with whom the personal information is shared.
Some also require businesses to clearly and conspicuously disclose any processing the business conducts for targeted advertising, and how to opt out of such processing. The Connecticut Act Concerning Personal Data Privacy and Online Monitoring Act (CTDPA) also obliges businesses provide an e-mail or other online means a consumer may use to contact the business.
*Attorney Advertising. Prior results do not guarantee similar outcomes.