Update Your Privacy Policy Now to Avoid Costly Penalties

|Lowndes Tech Blog

Sweeping consumer privacy law changes are moving quickly through the Florida legislature. Covered private businesses should act now to bring their privacy policies into compliance with the anticipated new requirements.

Below is a checklist of the top things that companies should incorporate into their privacy policies regarding to consumer data collection and selling practices.

5 Must-Haves for Your Privacy Policy:

  • Florida-specific consumer privacy rights;
  • Categories of personal information collected by the company;
  • Categories of personal information that the company sells or discloses to third parties;
    • The privacy policy should include the ability for consumers to “opt-out” of the sale or disclosure to third parties.
    • If none, the privacy policy should specify that no personal information is sold or disclosed.
  • Categories of personal information the company shares or discloses for a business purpose;
    • For example, what are the reasons the company uses personal information from consumers?
    • If none, the privacy policy should specify; and
  • Categories of third parties who receive the collected information from the company.

If your company sells consumer data to third parties, you must have a link on your privacy policy and/or website that permits consumers to “opt-out.” It must also allow them to select “do not sell or share my personal information” with third parties. 

Consumers may request a free copy of their personal information collected by the company up to twice a year. Companies must provide consumers with two different ways to access this information, such as through a link from the privacy policy and by calling a central number and making a request.

Additionally, the privacy policy should give consumers a link to request deletion of their personal information or to request a correction for data that is incorrect.

Data in your company’s possession should be secured through encryption or modification which removes identifying elements of an individual consumer’s personal information and presents the data in the aggregate or in an otherwise unusable format. Once you no longer need the data, delete it!

Privacy policies should be updated at least every 12 months and must be available on your company’s website.

Additionally, retention schedules must be in place regarding the use and retention of personal information after the initial reason for collection has passed.

Non-Florida businesses should pay attention to announcements in their home states since more and more are passing similar legislation.

For more information about Florida's privacy bill, tune into Florida Privacy Bill and Your Consumer Data [Lowndes Legal Talk].


This article is for informational purposes only and does not provide legal advice. Please do not act or refrain from acting based on anything you read here. Please review the full disclaimer for more information. Relying on the information provided in this article or communicating with Lowndes through our website does not create an attorney/client relationship.

Jump to Page

We use cookies on our website to improve functionality and collect statistical information on our website traffic. For details on how we use cookies, please see our Privacy Policy. By using this website, you agree to our Privacy Policy and Terms of Use

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. This type of cookie does not collect any personally identifiable information about you and does not track your browsing habits. You may disable necessary cookies by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies (also known as performance cookies) help us improve our website by collecting and reporting information on its usage at an aggregate level. You may disable analytical cookies by clicking on the Manage Cookies button.