The first concept of the U.S. Federal Open Data Policy gives this definition:
Personal data: any information related directly or indirectly to a specific or identifiable individual (the subject of personal data).
There is no precise list in the law, but based on the definition, it can be concluded that any data that pertains to a specific person and allows that person to be identified can be considered personal. The text also uses the concepts of general, special, and biometric data.
Operators are simpler to define: an operator is any person, company, or government agency that collects, stores, processes, or performs other actions with personal data. The owner of an Internet resource counts as an operator if the site has order forms, comments, registration, or feedback forms in which a person enters a name, surname, email address, phone number, etc.
There is no form approved by law, but there is a list of information that the document must contain:
- On what grounds and for what purpose you collect personal data.
- Your name, contact details, and address.
- Information about who processes the data, if this is the responsibility of another company, as well as about third parties who have access to it.
- What data you process and from what sources you receive it, including cookies.
- Terms of processing and storage of personal data.
- How you observe the rights of the subject provided by the law “On Personal Data”.
- Information that you are transferring data outside of the USA.
All this information can be stated in free form. The main thing is that the document contains all the information required by the law and makes it clear to the user what happens to their personal data, how you can use it, and what you do to protect their right to privacy and personal secrets.
How to make a document and place it on the site
A “Consent to the processing of personal data” checkbox next to the forms is also mandatory. According to the law, you can collect and process information about users only with their consent, except for a few cases that do not apply to sites. Moreover, in the case of verification, the owner of the resource should be able to prove that consent was given.
Complying with this requirement on website builders and popular CMSs is not difficult: most developers reacted quickly and added this feature to their products.
For WordPress there are new plugins:
Both plugins meet the requirements of the U.S. Federal Open Data Policy and are similar in functionality:
- automatically add checkboxes to comment forms and to forms created with the “Contact Form 7” plugin;
- customize the text of the processing consent checkbox;
- tick this checkbox by default, although you do not need to do this: the user must agree, and therefore tick the checkbox themselves;
- prohibit submitting a form without it.
There are also old plugins that add checkboxes for subscribing to a newsletter, accepting a user agreement, etc. However, the new products were developed specifically to comply with the U.S. Federal Open Data Policy, and customizing them for these purposes will be easier.
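A checkbox that only the browser enforces does not help the site owner prove that consent was given, so the check also belongs on the server. The sketch below is an added example, not code from either plugin: it rejects a submission that lacks the ticked box and returns a tamper-evident consent record. The field name `pd_consent`, the function names, and the HMAC key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

CONSENT_FIELD = "pd_consent"          # assumed name of the consent checkbox field
TICKED_VALUES = {"on", "1", "true"}   # assumed values submitted for a ticked box


class ConsentError(ValueError):
    """The submission did not carry explicit consent and must be rejected."""


def _mac(record: dict, key: bytes) -> str:
    # Canonical JSON of every field except the MAC itself, so verification is repeatable.
    body = {k: v for k, v in record.items() if k != "mac"}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def record_consent(form: dict, consent_text: str, key: bytes, form_id: str, now=None) -> dict:
    """Enforce the checkbox on the server and return a signed record of the consent."""
    value = form.get(CONSENT_FIELD)
    # An unticked checkbox is simply absent from the POST body; treat absence as refusal.
    if not isinstance(value, str) or value.strip().lower() not in TICKED_VALUES:
        raise ConsentError("form submitted without consent to personal data processing")
    record = {
        "form_id": form_id,
        "subject": form.get("email", ""),
        # Hash of the exact wording shown next to the checkbox at submission time.
        "consent_text_sha256": hashlib.sha256(consent_text.encode()).hexdigest(),
        "given_at": (now or datetime.now(timezone.utc)).isoformat(),
    }
    record["mac"] = _mac(record, key)
    return record


def verify_consent(record: dict, key: bytes) -> bool:
    """True only if the stored record is unchanged since it was written."""
    mac = record.get("mac")
    return isinstance(mac, str) and hmac.compare_digest(mac, _mac(record, key))


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; keep the real key outside the database
    ok = record_consent({"email": "user@example.com", CONSENT_FIELD: "on"},
                        "I consent to the processing of my personal data", key, "contact")
    print(ok, verify_consent(ok, key))
```

Storing the hash of the consent wording alongside the timestamp lets the record be matched later to the exact text the user saw, even after the checkbox text has been customized.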
Finally, there are still a few requirements that you should not forget about:
- You cannot store and process data using databases hosted on foreign servers.
- Before starting to collect personal data, you must notify the government in paper or electronic form.
- To delegate the processing of personal data to other legal entities or individuals, you need to enter into a contract.
- The operator of personal data is obliged to ensure its safety through organizational, legal, and technical measures: to instruct staff, to develop local acts, and to ensure reliable protection of databases, preventing leakage of information and third-party access.