The new year brought with it many new laws, several of which affect privacy rights. Some of the big changes deal with minors, personal information, and data breach.
If you run a website (or mobile app) that allows minors to sign up as users or otherwise post content on the site, you must now comply with the “Eraser Button” law, which requires that any content posted by a minor be capable of being erased. Not only can the minor erase the content (or request the content be erased); the website must also provide a clear notice of the process by which this is to be done. In addition to the Eraser Button laws, the new laws concerning minors affect the type of advertising that can appear on minor-directed sites, or sites that have actual knowledge of minors’ use of such sites.
Personal information collected by websites has always been offered protection, and now the protections are even greater. For example, even if a website owner merely maintains and does not license or sell personal information, that website owner must still implement reasonable security practices to protect such information. Furthermore, when social security numbers are collected, such data cannot be sold to any third parties.
Not only is personal information offered more protection, data breaches may now become more burdensome for the company experiencing the breach. In addition to providing notice of the breach, the business will have to extend any identity theft prevention services it currently offers for a minimum of 12 months, at no cost.