Getting Consent When Changing Your Policies

James Chiodo, Certified Information Privacy Professional CIPP/US

You must notify your visitors and customers

I am sure at some point in time you have received privacy change notices in the mail or emailed to you, there is a good reason why you received them. The companies that sent you the notices are required by law to notify their customers and users when they change their privacy policies both on and off the Internet.

When changing your website terms and conditions or privacy policy, you cannot arbitrarily make the changes retroactive. You need to get the consent of your past customers and users or notify them in a meaningful way for those policy changes to be effective. At a minimum by email and ideally in writing if there are significant changes that affect your customers or user’s personally identifiable information (PII) that was collected under an earlier version of your privacy policy or terms and conditions.

“The Federal Trade Commission (FTC) is very clear on this subject and without the notification or express consent by customers and users; a company cannot use their information in a way that is materially inconsistent with the promises made in their policies at the time the information was collected. And by using such information could subject a company to enforcement action from the FTC under Section 5 ”Unfair or Deceptive Acts or Practices.”

As a website or blog operator, you need to remember that your privacy policy and terms and conditions are legal contracts with your visitors and customers. And the courts time and time again have held that parties to a contract (i.e., your customers and users) have no obligation to return and review a website’s privacy policy or terms and conditions to see whether or not they have been changed.

Internet privacy laws have been changing rapidly the last 5 years and will likely continue to change frequently. As a website or blog operator, it behooves you to pay attention to these laws and the requirements that go along with them. The repercussions for violating Internet privacy laws can range from $2,500 fines up to devastating lawsuits.


New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More