Website TOS Cheat Sheet

Key Laws
  1. CPRA/CCPA. California has two statutes focused primarily on the sale of California users' private information.
  2. GDPR. The European Union law focuses on the right of the owner of personal information to determine who possesses and uses it.
  3. COPPA. Governs websites that collect personal information from children under age 13.
  4. HIPAA. Protects individual privacy with respect to medical and other health care records.
Other Recent Laws/Trends
  1. Virginia. The Virginia Consumer Data Protection Act sets out consumer rights and company responsibilities regarding data use and collection.
  2. Colorado. The Colorado Data Privacy Law gives consumers the right to access, review, correct, and delete personal data.
  3. Connecticut. The Connecticut Data Privacy Law grants Nutmeg State residents data protection rights.
  4. Utah. The Utah Consumer Privacy Act grants Utahns rights over personal data and imposes obligations on businesses that collect and process it.
  5. Delaware. The Delaware Personal Data Privacy Act gives consumers more control over personal information.
Suggested Best Practices
  1. Review and update your TOS at least annually.
  2. Make users take some action (e.g., checking a box or entering text) to accept the TOS.
  3. Store the confirmation action (e.g., checking the box) in a database so you have proof that the user accepted the TOS.
  4. Have your attorney review your TOS.