Disclaimer: Please note that this post does not constitute legal advice.
- Does your website use Google Analytics or another visitor tracking program?
- Is the tracking data anonymized?
- Do you have an email list subscribe form?
- Are users able to unsubscribe from your email list?
- How long do you store users’ information, online and offline?
- Do you take appropriate measures to secure the information, online and offline?
- Is the information shared with a third party? (As a reputable organization, we expect you don’t sell lists of users, but remember that your hosting company, your email list service provider, your web development agency, and so on all have access to your users’ information.)
- International Association of Privacy Professionals, Inc. Data Protection Policy Templates
IAPP provides two sample data protection policy templates, one for GDPR use, one for non-GDPR use.
TermsFeed has both free and paid versions, but you’ll need the paid version for a business or organization. The price will depend on the clauses you require.
For more information about CalOPPA, read the California Attorney General’s recommendations.