Privacy Policies: What You Need to Know

First, our favorite disclaimer here, as we’re getting ready to discuss something to do with compliance: Disclaimer: The following information on specific laws and regulations does not constitute legal advice. As always, compliance with federal, state and local laws is ultimately your responsibility. We recommend that you consult with legal counsel to ensure your processes and procedures are fully compliant. Lately there has been a lot of mention of privacy policies in the transportation industry in general. And if you attended yesterday’s monthly webinar series on Compliance, you would have heard that Tenstreet strongly encourages its clients to adopt and share one of their own as well. So what’s the deal? While the recent Facebook breach made privacy a hot-button issue again, privacy policy laws have actually been around since 2003, when California became the first state to require any website (and more recently any mobile app) that collects personally identifiable information from consumers residing in California to post their privacy policies in a conspicuous place on their website. Canada also has the Personal Information Protection and Electronic Documents Act (PIPEDA), which serves the same purpose for our northerly neighbors. If you recruit or have trucks in Canada, a privacy policy is required by law to make your consumers privy to how you collect, use, and disclose personally identifiable information (PII).

I don’t operate in California. Why should I care?

Interestingly enough, in the absence of a federal regulation, the California Online Privacy Protection Act (CalOPPA) serves as the national standard for privacy policy laws across the country. And more importantly, simply because of the wide-reaching nature of the internet and technology, California residents are already likely to be visiting your website and/or using your app. Even if they haven’t yet, having a California resident stumble upon your website or app (or your IntelliApp), provide their PII, and then discover that you haven’t explicitly told them how you intend to use their data opens you up for a lawsuit. Just as plaintiffs and their attorneys are actively going after carriers who aren’t following adverse action laws to a T, so too will they prey on carriers who aren’t following privacy policy laws as they are legally required to do. Even if you’re only working with drivers in a specific local area, it’s a safeguard smart companies have in place.

What is considered personally identifiable information (PII)?

According to CalOPPA legislation, if you collect any of the following PII you should be sharing your privacy policy with your consumers (e.g. your prospective drivers, employees, etc.):
  • First and last name
  • Physical street address
  • Email address
  • Telephone number
  • Social Security Number
  • Date of birth
  • Height, weight, hair color
  • Anything else about the individual that’s collected online and stored

Okay, so what exactly is a privacy policy, and what does it do for me?

It’s simple – a privacy policy lets your customers know what data you’re collecting and what you plan to do with it. It also provides details on how long you plan to store the data, where it will be stored, who has access to it, how someone can update it, and sometimes even the security policy used to protect the data.

How do I make a privacy policy of my own?

This is a simple answer too: you can download the Sample Tenstreet Customer Privacy Policy Template to get started. Additionally, the Better Business Bureau provides this sample privacy policy for businesses to use. You can find privacy policy generators online for free, or check out the FTC’s website to help guide US businesses specifically. But it’s not enough to simply copy the contents of a template and throw it on your website. It’s a policy that you would be adopting, so a thorough review of your actual processes and procedures needs to be completed to ensure you’re accurately disclosing the protocols you have in place. And if you really aren’t doing anything, a template is a perfect place to start outlining the things you will need to start doing so you stay compliant and true to the policy you release.

Why should I link to my privacy policy from my IntelliApp?

We think it’s a really obvious place to post it as often this is the main form (or the only form for many clients) where PII is being collected. Anybody filling out your online application will easily be able to read about your intentions with their PII. We also link to our own privacy policy here as well. Once you do get your privacy policy in place (or if you already have one), email it to [email protected] or to your Account Manager and we’ll get your IntelliApp updated. We at Tenstreet follow the always-changing legal landscape around the country, including how it affects our platform and our customers. And even though we never offer legal advice, we do tell our customers to talk to an attorney when we notice they could be doing something better (and we usually provide specifics). We believe this makes us unique in our competitive space.      

Share this post