The global pandemic forced organizations of all kinds and sizes to change the ways they interact with their employees, customers, and clients.

More than ever, organizations rely on information they receive through digital means, whether by email, websites, or other types of online data collection. This radical shift occurred so quickly that many organizations may not have spent time considering whether this requires a change to the terms and conditions of their online privacy policies and terms of use.

As organizations assess how the pandemic may permanently modify their business practices, it is important that they not forget to review and update their website privacy policy and terms of use. Often organizations collect a variety of data from individuals who visit their sites, including names, email addresses, and background information in the form of cookies deposited on the user’s device.

While collection of this type of non-sensitive personal information is usually not a problem, organizations can unknowingly create a problem if their information collection and sharing practices differ from what their online policies state. In order to prevent confusion and challenges, organizations should update and clarify their terms of use on their websites to make sure they are consistent not only with the organizations’ actual practices, but also data privacy laws that are rapidly proliferating across the United States and the world.

We have previously reviewed efforts in Iowa, for example, to enact California-style data privacy legislation. Organizations that operate in multiple states need to be aware of any applicable data privacy requirements in those jurisdictions as well.

The pandemic has and will continue to re-shape business practices. As we continue to adapt to this changed world, it is important to make sure that our policies and representations to potential business partners are consistent with this changed reality.


Shareholder Attorney John Lande is chair of Dickinson Law’s Cybersecurity, Data Breach, & Privacy practice group. For more information on his practice, click here