Privacy Compliance Concerns Your Business Must be Mindful Of

If you have a business, there are at least two really good reasons you should care about data privacy:

  1. Because you should care about what your customers care about, and the majority of them value privacy.
  2. Because it’s the law in many jurisdictions.

Data privacy is partly about doing right by your customers, and partly about complying with key regulations. If the first reason isn’t good enough for you, the threat of fines and penalties certainly should be.

With that in mind, here are some of the key privacy regulations that may pertain to your customers.

The California Consumer Privacy Act

All California residents will be endowed with new data privacy rights starting Jan. 1, 2020:

  • The right to deny the collection of personal data.
  • The right to know what personal data is collected.
  • The right to know if and whom that data is shared with or sold to.
  • The right to access that personal information.

The CCPA will apply to many businesses outside of California that have customers in the state – possibly including your own.

CCPA also has certain website opt-out requirements that apply to California consumers, which are outlined on the ABA’s site.

And even if no person from California would ever visit your site, or your business is exempt from CCPA due to its market size or the amount of data it collects, keep in mind that CCPA is expected to be a template for future privacy protection regulations in other states.

The General Data Protection Regulation

GDPR is, for all intents and purposes, old news. The deadline has come and gone.

But it’s worth mentioning on this list, especially considering the similarities to CCPA. For instance, both California and the EU have requirements regarding the notification of data breaches. Both also require that businesses maintain a data erasure option, or “the right to be forgotten.”

The only difference is that GDPR applies to EU consumers, meaning, any company with EU-based clientele are on the hook for compliance.


The CAN-SPAM Act dates back to 2003, but is arguably more of an issue now than ever before – especially for digital marketers.

Some of the key requirements include:

  • Have a visible unsubscribe button in every marketing email.
  • Honor unsubscribe requests within 10 days.
  • Include a physical address with each marketing email.
  • Contain at least one sentence.


A few of the more obvious data-compliance regulations include:

  • HIPAA: Applies to any company that processes or stores health records.
  • PCI: Applied to any company that stores or processes payment data.

One, or all, of these may apply to your business depending on its industry and operations.

Have more questions about privacy compliance? We’re all ears.

More from Black Raven

about us