This is a little tricky because laws are written in legalese and every state is different.
Privacy policies are there to protect you and your potential customers.
Whenever your website collects a name and email address, you’re collecting Personally Identifiable Information (or PII).
Over a dozen states have proposed or already are implementing privacy laws to protect the Personally Identifiable Information (PII) of its citizens. Each of these laws has unique requirements as well as unique penalties for not complying. Some states are proposing businesses be fined over $5,000 per infringement (per website visitor). Some states are proposing private right of action (meaning citizens of that state can sue businesses anywhere in the US).https://termageddon.com/why-use-policies/
As of July 1, 2018, South Dakota enacted a data breach notification law.
The new law generally requires an “information holder” to notify South Dakota residents of any “breach of system security” involving their “personal or protected information.” An “Information holder” includes “any person or business that conducts business in the state” and owns or retains “personal or protected information” of South Dakota residents… Notification must be made to any South Dakota resident “whose personal or protected information was, or is reasonably believed to have been, acquired by an unauthorized person.”https://www.natlawreview.com/article/south-dakota-enacts-data-breach-notification-law
What this means is that if you have collected PII, you must notify South Dakota residents when their information may have been taken from your system.
That’s where my friends at Termageddon come in!
If you sign up for Termageddon using my affiliate link, I’ll still be able to help you install it. Win-win!