Privacy Policies/Information Notices

• Author: David Zetoony
• Profession: Is a partner in the Boulder, Colorado office of Bryan Cave Leighton Paisner, LLP, an international law firm
• Pages: 31-37

31

pRIVAcy poLIcIes/

InfoRMAtIon

notIces

Q.38 WHAt Is A pRIVAcy notIce?

A privacy notice (sometimes referred to as a privacy policy) is a docu-

ment provided by a company to data subjects that includes, among other

things, a description of what types of personal data the company collects,

how the company uses that data, with whom the company shares that

data, and how the company protects the data.

Q.39 If A coMpAny DRAfteD A pRIVAcy

notIce to coMpLy WItH UnIteD stAtes

LAWs, Does It neeD to cHAnGe tHe

notIce to coMpLy WItH tHe GDpR?

Yes.

Although the degree to which your privacy notice will need to

be changed depends on which United States laws it was designed to com-

ply with.

There are a number of laws within the United States that require

companies to provide people with a notice concerning the company’s

privacy practices—a document that is often interchangeably referred

to as “privacy notice,” “privacy policy,” or “information notice.” With

regard to the federal government these include the Gramm-Leach-Bliley

Act (“GLBA”), which requires nancial institutions to provide privacy

notices to customers, the Health Insurance Portability and Account-

ability Act (“HIPAA”), which requires health care plans, health insur-

ers, and health care providers to provide privacy notices to patients,

the Family Educational Rights and Privacy Act (“FERPA”), which