Privacy is an increasingly hot topic for an ever-more-connected world. We’ve seen both legislators and consumers become more vigilant around protecting their personal data. Even if sales of personal data are not your core business, this new focus on the topic could very well affect your company, and it is increasingly an area that an owner or executive of a business of any size needs to be concerned with.

At the Consumer Electronics Show, one of the largest trade shows in the world for technological innovation, one of the overarching themes this year has been an increased focus on privacy. But in a world of monolithic industry titans like Google and Amazon that rely on your personal data to maintain their deity-like status, what does this actually mean? And, perhaps more importantly, how does this increase in privacy concern affect your company? To help answer these questions, let’s examine five predictions for privacy in 2020 and consider how they might directly affect your small business.

1. More states will propose privacy laws.

Late in 2019, California notably passed the California Consumer Privacy Act. This landmark legislation regulates many businesses, including those not based in California. As of right now, a total of nine states have proposed laws that would require sites that collect any type of personal information, including in many cases something as simple as an email address for a newsletter signup, to have a compliant privacy policy. As these states follow California’s lead in regulating companies outside their own borders, there will be an increasing number of cases where multiple privacy laws can apply to a single business, and we anticipate it will continue to be more difficult for small companies to keep up with the litany of privacy requirements.

2. More privacy laws will go into effect.

In some states, such as Washington, passing these privacy proposals is a top priority in 2020. As an election year, lawmakers will look to take action and build momentum on a topic that is widely popular with consumers. But, as mentioned previously, these laws do have downsides, particularly around inconsistencies, particularly around multiple laws applying to a single company.

3. Swift enforcement will catch off-guard companies that believe these laws don’t apply to them.

Since most businesses collect some form of personally identifying information, there will be a continuing increase in 2020 of privacy laws that apply to your business. Personally identifying information can include billing and shipping information, email addresses related to a newsletter or contact us form, IP addresses collected through the use of Google Analytics, and other data that your company has access to through the course of its daily business, even if you don’t actively check or use that data. In many cases where you’re only passively collecting and barely using the data, a compliant privacy policy may be enough. But in some situations, your company may need to establish and follow a specific process for handling and disclosing personal data. If you’re unprepared, it will become increasingly likely during this decade that you could be targeted by prosecutors.

4. Progress will be made at a federal level.

The best case scenario for resolving some of the confusion currently surrounding privacy policies would be for a federal law to take effect that applies universally to all companies doing business in the United States. This would significantly reduce confusion and cost of compliance. There are currently six proposed federal bills in Washington, but some of these options would actually not override state policies. We anticipate that a federal bill will pass into law this year, but depending on which version becomes law, it could actually complicate matters rather than simplify them if state rules continue to take the lead.

5. International expansion continues to be fraught with privacy concerns.

In the United States, many of the new privacy bills we’re saying have been modeled after the California Consumer Privacy Act, but abroad the European Union continues to lead in the privacy protection arena. The General Data Protection Regulation (GDPR) took effect in 2018 and had a significant effect on online companies, even if they did not actively sell in Europe. That’s because the GDPR was set up in such a way that it could be a violation to collect the personal information of a European citizen without adhering to GDPR policies, even if that information was collected inadvertently. That means that even if you have a small website servicing Kansas City, MO, if a Belgian citizen signed up for your email newsletter and you had not implemented a GDPR-compliant privacy policy, your small Kansas business could be found to be in violation of the GDPR. We anticipate that problems like this will continue to increase in prevalence.

There is clearly a very significant issue developing in the war for privacy. These laws can affect small businesses, forcing executives to make a decision about whether the risk of a fine or the cost of compliance is preferable. The good news is that compliance doesn’t need to be confusing or costly. For many small businesses, the most important requirement is to simply have a privacy policy. It is, of course, also important to understand your privacy policy and follow the processes that it lays out. But the reality is that whether the policy exists at all could be the most important factor to your site’s compliance and to protecting yourself from troll lawsuits like what we have seen with accessibility compliance over the last several years. To that end, Empower Ideas is now partnering with Termageddon, a company that provides GDPR and CCPA-compliant privacy policies for your business, written by attorneys and updated automatically whenever the law changes or new laws emerge. This feature is included complimentary of any 1 Simple Subscription retainer plan at $100 per month or more. If you’re eligible, you can set it up right now from your Client Dashboard or contact your project manager for help.

Privacy will continue to be a landmark issue in 2020, and we recommend taking steps to ensure that your business is prepared and compliant.

‍