Businesses need to be limber and proactive in reviewing their privacy policies to ensure that they remain current with legal changes (such as changes from opt-out to opt-in privacy notices) and that they are prepared to adapt their practices and policies to respond to new legislation, public trends, and business development. They also need to ensure that they are prepared for, what could be, a flood of requests to delete personal information as more people become aware of their data privacy rights.
Businesses may have become accustomed to requests to delete personal information in connection with marketing practices. However, with Data Privacy Day’s focus this year, businesses may see requests to delete other collections of personal information that they are less accustomed to addressing. As an example, businesses may see applicants for open positions requesting deletion of their data once a job opening has been filled or they receive notice that they are no longer being considered for the position. Data mapping needs to capture the places where data, regarding these applicants, may reside so that requests to delete can be addressed promptly and completely. In addition, policies may need to be prepared and information retention schedules would need to be refreshed.
On the business front, Apple’s current move to help users understand privacy practices in connection with applications before they are downloaded to a device using iOS14, iPadOS 14 and tvOS 14 also bears mention. As an integral part of that move, application developers will need to explain privacy practices, particularly tracking practices, in the App Store. Developers will be required to obtain the user’s permission through the new App Tracking Transparency Framework to track users or their devices or access the device’s advertising identifier.
Businesses that use or allow the use of MacBooks, iPads, and iPhones need to be mindful of the new policies. If an app or tracking is needed for an integrated app or code of another company, such as Single Sign On functionality, the app developer must obtain permission for the use and any tracking that occurs. Accordingly, instructions to employees will need to be specific around the app tracking needs of Single Sign On, and ultimately, the business using such apps may be responsible for the tracking practices of the subcontracted providers.
The bottom line is that 2021 is a year in which we can expect a new level of focus on individual privacy rights as a result of industry efforts to education and continuing legislation in the field, as well as specific efforts by businesses to increase transparency. In response, businesses need to be proactive in ensuring that data mapping and data deletion processes are up to date. Businesses that won’t be proactive this year may find themselves with a deluge of individual requests regarding data storage and deletion and may have a harder time catching up.