A new privacy law requires companies to make specific statements about what information is collected on its website. Like California, it also requires that companies state in writing whether they respect “Do Not Track” requests.
The broad new law impacts not just Delaware-based businesses, but any company that collects PII about a Delaware resident—in other words, virtually any company that transacts business online. The Delaware Online Privacy and Protection Act goes into effect January 1st, 2016.
- Identify what type of information is being collected;
- List the categories of third parties with whom the information is shared;
- Describe how users can review and change their collected information;
- Disclose how the company responds to “Do not track” signals; and
- Divulge whether or not third parties can collect PII about a user’s online activities from the company’s website or Internet services.